Log.txt
Logfile of random's system information tool 1.09 (written by random/random)
Run by Scottg at 2012-04-26 12:57:30
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 834 GB (88%) free of 943 GB
Total RAM: 12279 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:35 PM, on 04/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\trend micro\Scottg.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [RemoteControl9] "c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell....lSystemLite.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EDFE8E86-B437-443B-AE84-E6F40B9D476F}: NameServer = 207.70.128.240,207.70.172.240
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CyberLink Product - 2010/11/10 18:57:30 (CLKMSVC10_9EC60124) - CyberLink - c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sentinel Local License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SessionLauncher - Unknown owner - c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
--
End of file - 11121 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\Dell\DellDock\DockLogin.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k apphost
atieclxx
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
C:\Windows\system32\hasplms.exe -run
"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe"
"taskhost.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER
"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
"C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\Config"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
"C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE"
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE" C:\Users\Scottg
"C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
"C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
WLIDSvcM.exe 2296
"C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
"C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"C:\Program Files (x86)\CyberLink\Shared files\brs.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
-netsvcs
\??\C:\Windows\system32\conhost.exe "11372854851607368472-191567626-1853967901-660816592-118062816695676418212803595
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\System32\mstsc.exe" /v:"sancho"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552
"C:\Users\Scottg\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
C:\Windows\tasks\SystemToolsDailyTest.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Scottg\AppData\Roaming\Mozilla\Firefox\Profiles\qw1aw24t.default
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\progra~2\mcafee\msc\npmcsn~1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mcafee.com/MSC,version=10]
"Description"=McAfee Total Protection MIME Plugin
"Path"=c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
Scriptff.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-15 398512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll [2010-11-15 317496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-12-12 75656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-15 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-11-15 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-10-18 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2010-11-15 398512]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-11-15 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-02-22 10081312]
"RunDLLEntry_THXCfg"=C:\Windows\system32\THXCfg64.dll [2009-10-15 17920]
"RunDLLEntry_EptMon"=C:\Windows\system32\EptMon64.dll [2009-10-15 21504]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 2399632]
"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2011-04-13 1860496]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-11-15 39408]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2010-03-03 284696]
"StartCCC"=c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-17 98304]
"Dell DataSafe Online"=C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [2010-02-09 1807680]
"THX Audio Control Panel"=C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [2009-12-01 963584]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"RemoteControl9"=c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"PDVD9LanguageShortcut"=c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [2010-04-13 50472]
"BDRegion"=c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2010-04-26 75048]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""=C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [2011-09-16 560128]
C:\Users\Scottg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll [2011-03-21 13672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2010-11-20 290304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=5
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdminShOrigSetting"=5
"ConsentPromptBehaviorUserShOrigSetting"=3
"PromptOnSecureDesktopShOrigSetting"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-04-26 12:57:30 ----D---- C:\rsit
2012-04-26 12:57:30 ----D---- C:\Program Files\trend micro
2012-04-26 12:53:45 ----D---- C:\Program Files (x86)\ERUNT
2012-04-26 12:11:42 ----A---- C:\ComboFix.txt
2012-04-26 12:07:02 ----SHD---- C:\$RECYCLE.BIN
2012-04-26 11:44:31 ----A---- C:\Windows\svchost.exe
2012-04-26 11:41:46 ----D---- C:\TDSSKiller_Quarantine
2012-04-26 11:41:07 ----A---- C:\TDSSKiller.2.7.33.0_26.04.2012_11.41.07_log.txt
2012-04-25 19:02:55 ----A---- C:\Windows\zip.exe
2012-04-25 19:02:55 ----A---- C:\Windows\SWSC.exe
2012-04-25 19:02:55 ----A---- C:\Windows\SWREG.exe
2012-04-25 19:02:55 ----A---- C:\Windows\sed.exe
2012-04-25 19:02:55 ----A---- C:\Windows\PEV.exe
2012-04-25 19:02:55 ----A---- C:\Windows\NIRCMD.exe
2012-04-25 19:02:55 ----A---- C:\Windows\MBR.exe
2012-04-25 19:02:55 ----A---- C:\Windows\grep.exe
2012-04-25 19:02:45 ----D---- C:\Windows\ERDNT
2012-04-25 19:02:43 ----D---- C:\Qoobox
2012-04-25 18:28:29 ----A---- C:\Windows\ntbtlog.txt
2012-04-25 13:23:30 ----D---- C:\ProgramData\Norton
2012-04-24 11:55:30 ----D---- C:\Windows\system64
2012-04-19 12:54:34 ----HD---- C:\Users\Scottg\AppData\Roaming\Windows Live Writer
2012-04-19 04:26:22 ----D---- C:\OpenSSL-Win32
2012-04-18 17:20:07 ----D---- C:\Program Files (x86)\SSLBuddy
2012-04-17 14:38:04 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-17 13:57:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-04-16 08:06:21 ----D---- C:\Config.Msi
2012-04-14 14:26:57 ----HD---- C:\Windows\system32\CanonIJ Uninstaller Information
2012-04-14 14:26:57 ----HD---- C:\ProgramData\CanonBJ
2012-04-14 14:26:54 ----A---- C:\Windows\system32\CNMLM95.DLL
2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700O.DLL
2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700L.DLL
2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700I.DLL
2012-04-14 14:26:51 ----A---- C:\Windows\system32\CNC700C.DLL
2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFMSe.EXE
2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFLeUS.DLL
2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCFLeJP.DLL
2012-04-14 14:26:50 ----A---- C:\Windows\system32\CNCF2Le.DLL
2012-04-14 14:26:47 ----HD---- C:\Program Files\CanonBJ
2012-04-13 17:30:23 ----A---- C:\Windows\SYSWOW64\hlvdd.dll
2012-04-13 17:30:16 ----A---- C:\Windows\system32\aksllmtp.exe
2012-04-13 17:17:11 ----A---- C:\Windows\system32\hasplms.exe
2012-04-13 16:58:50 ----D---- C:\Program Files (x86)\Chief Architect Inc
2012-04-13 14:27:18 ----D---- C:\ProgramData\Cadsoft
2012-04-13 14:22:31 ----D---- C:\ProgramData\Nova Development
2012-04-13 14:22:31 ----D---- C:\Program Files (x86)\Nova Development
2012-04-11 09:58:40 ----HD---- C:\Users\Scottg\AppData\Roaming\Malwarebytes
2012-04-11 09:58:37 ----D---- C:\ProgramData\Malwarebytes
2012-04-11 09:58:35 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-11 09:58:35 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-04-11 03:02:07 ----A---- C:\Windows\system32\MRT.INI
2012-04-11 03:00:29 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-11 03:00:29 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-11 03:00:28 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-11 03:00:28 ----A---- C:\Windows\system32\wmi.dll
2012-04-11 03:00:28 ----A---- C:\Windows\system32\wintrust.dll
2012-04-11 00:52:39 ----A---- C:\Windows\system32\mshtml.dll
2012-04-11 00:52:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-11 00:52:35 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-11 00:52:34 ----A---- C:\Windows\system32\iertutil.dll
2012-04-11 00:52:34 ----A---- C:\Windows\system32\ieframe.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-11 00:52:33 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\wininet.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\urlmon.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\url.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\msfeeds.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-11 00:52:33 ----A---- C:\Windows\system32\ieui.dll
2012-03-28 17:06:35 ----HD---- C:\Users\Scottg\AppData\Roaming\tmssoftware
2012-03-28 16:27:57 ----A---- C:\Windows\SYSWOW64\zlib1.dll
2012-03-28 16:27:52 ----D---- C:\Users\Scottg\AppData\Roaming\IntraWeb XII
2012-03-28 15:00:50 ----N---- C:\Windows\SYSWOW64\sbe6_32.dll
2012-03-28 14:58:23 ----D---- C:\ProgramData\Kaed
2012-03-28 14:55:33 ----D---- C:\Program Files (x86)\nsoftware
2012-03-28 14:25:42 ----HDC---- C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}
2012-03-28 14:25:10 ----D---- C:\ProgramData\SmartBear
2012-03-28 14:23:54 ----D---- C:\ProgramData\Raize
2012-03-28 14:23:52 ----D---- C:\Program Files (x86)\Raize
2012-03-28 14:23:38 ----D---- C:\ProgramData\VSoft
2012-03-28 14:23:35 ----D---- C:\Program Files (x86)\FinalBuilder 7 XE2
2012-03-28 14:21:23 ----D---- C:\Program Files (x86)\SmartBear
2012-03-28 14:04:13 ----D---- C:\Program Files (x86)\CollabNet
2012-03-28 14:04:09 ----D---- C:\Program Files (x86)\DevJet
2012-03-28 13:58:41 ----D---- C:\ProgramData\Embarcadero
2012-03-28 13:58:41 ----D---- C:\Program Files (x86)\Embarcadero
2012-03-28 13:34:09 ----HD---- C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}
2012-03-28 09:40:31 ----HD---- C:\Users\Scottg\AppData\Roaming\Subversion
2012-03-27 17:25:02 ----A---- C:\Windows\ipworks8.dll
2012-03-27 17:22:35 ----HD---- C:\Users\Scottg\AppData\Roaming\SmartBear
2012-03-27 17:22:34 ----D---- C:\Users\Scottg\AppData\Roaming\DevJET
2012-03-27 17:19:22 ----A---- C:\Windows\SYSWOW64\TLBINF32.dll
2012-03-27 17:19:22 ----A---- C:\Windows\SYSWOW64\CapiCom.dll
2012-03-27 16:29:11 ----HDC---- C:\ProgramData\{B0A6C550-7640-4BB9-A44C-C9A7B5257584}
======List of files/folders modified in the last 1 month======
2012-04-26 12:57:35 ----D---- C:\Windows\Prefetch
2012-04-26 12:57:30 ----RD---- C:\Program Files
2012-04-26 12:57:03 ----D---- C:\Temp
2012-04-26 12:55:10 ----D---- C:\Windows\Temp
2012-04-26 12:53:45 ----RD---- C:\Program Files (x86)
2012-04-26 12:22:09 ----D---- C:\Windows\system32\config
2012-04-26 12:11:44 ----D---- C:\Windows\system32\drivers
2012-04-26 12:07:47 ----D---- C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-26 12:07:16 ----D---- C:\Windows
2012-04-26 12:07:06 ----D---- C:\ProgramData
2012-04-26 12:07:04 ----A---- C:\Windows\system.ini
2012-04-26 12:06:42 ----D---- C:\Windows\system32\drivers\etc
2012-04-26 12:00:34 ----D---- C:\Windows\SYSWOW64\drivers
2012-04-26 12:00:34 ----D---- C:\Windows\SysWOW64
2012-04-26 12:00:34 ----D---- C:\Windows\System32
2012-04-26 12:00:34 ----D---- C:\Windows\AppPatch
2012-04-26 12:00:33 ----D---- C:\Program Files\Common Files
2012-04-26 12:00:33 ----D---- C:\Program Files (x86)\Common Files
2012-04-26 03:00:25 ----SHD---- C:\System Volume Information
2012-04-25 19:17:42 ----D---- C:\Windows\inf
2012-04-25 19:17:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-25 18:26:40 ----D---- C:\Windows\Tasks
2012-04-25 18:26:40 ----D---- C:\Windows\SYSWOW64\Macromed
2012-04-25 18:26:40 ----D---- C:\Windows\system32\wfp
2012-04-25 18:26:40 ----D---- C:\Windows\system32\DriverStore
2012-04-25 18:26:40 ----D---- C:\Windows\system32\catroot2
2012-04-25 18:26:17 ----D---- C:\Windows\system32\wbem
2012-04-25 18:26:17 ----D---- C:\Windows\system32\Tasks
2012-04-25 18:26:16 ----SHD---- C:\Windows\Installer
2012-04-25 18:26:16 ----D---- C:\Windows\system32\Macromed
2012-04-25 18:26:16 ----D---- C:\Windows\system32\CodeIntegrity
2012-04-25 18:26:16 ----D---- C:\Windows\AppCompat
2012-04-25 18:26:15 ----SD---- C:\Users\Scottg\AppData\Roaming\Microsoft
2012-04-25 18:26:15 ----D---- C:\Users\Scottg\AppData\Roaming\CodeGear
2012-04-25 18:26:13 ----D---- C:\ProgramData\Temp
2012-04-25 18:26:10 ----D---- C:\ProgramData\Microsoft Help
2012-04-25 18:26:10 ----D---- C:\ProgramData\eSellerate
2012-04-25 18:26:08 ----D---- C:\CYABackup
2012-04-25 18:25:25 ----D---- C:\Windows\registration
2012-04-25 18:18:30 ----D---- C:\Users\Scottg\AppData\Roaming\PCDr
2012-04-25 18:18:30 ----D---- C:\Users\Scottg\AppData\Roaming\Mozilla
2012-04-25 18:18:23 ----D---- C:\Users\Scottg\AppData\Roaming\Forte
2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\Embarcadero
2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\CyberLink
2012-04-25 18:18:22 ----D---- C:\Users\Scottg\AppData\Roaming\Adobe
2012-04-25 18:17:45 ----SD---- C:\ProgramData\Microsoft
2012-04-24 19:21:29 ----D---- C:\Windows\system32\LogFiles
2012-04-14 14:27:00 ----RSD---- C:\Windows\Media
2012-04-14 14:26:56 ----D---- C:\Windows\twain_32
2012-04-14 14:26:56 ----D---- C:\Windows\system32\catroot
2012-04-13 17:30:40 ----D---- C:\Windows\system32\Setup
2012-04-13 16:58:50 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-04-13 14:24:19 ----D---- C:\Windows\winsxs
2012-04-11 03:30:24 ----D---- C:\Windows\Microsoft.NET
2012-04-11 03:30:16 ----RSD---- C:\Windows\assembly
2012-04-11 03:19:59 ----D---- C:\Windows\SYSWOW64\migration
2012-04-11 03:19:59 ----D---- C:\Windows\system32\migration
2012-04-11 03:19:59 ----D---- C:\Program Files\Internet Explorer
2012-04-11 03:19:59 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-11 03:00:46 ----A---- C:\Windows\system32\MRT.exe
2012-04-10 15:34:17 ----D---- C:\HAL
2012-03-30 11:14:40 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-28 13:59:17 ----D---- C:\Windows\SYSWOW64\en-US
2012-03-28 13:31:45 ----D---- C:\Program Files (x86)\Steam
2012-03-28 13:13:00 ----D---- C:\Program Files (x86)\Microsoft
2012-03-28 13:11:35 ----D---- C:\Program Files (x86)\IntraWeb 10.0
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-03-03 540696]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2011-11-22 78208]
R2 aksfridge;Sentinel Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2011-11-22 139592]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2011-09-28 321536]
R3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2011-02-09 53760]
R3 akshhl;SafeNet Inc. Sentinel HL Key; C:\Windows\system32\DRIVERS\akshhl.sys [2011-09-08 57088]
R3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2011-08-09 21120]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-05-17 6853632]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-05-17 263680]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]
R3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-02-22 2271648]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys [2011-04-13 23960]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-27 295424]
S1 RxFilter;RxFilter; C:\Windows\system32\DRIVERS\RxFilter.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2009-07-13 12288]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2006-11-01 151656]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-05-17 203264]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 ftpsvc;@%windir%\system32\inetsrv\ftpres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 hasplms;Sentinel Local License Manager; C:\Windows\system32\hasplms.exe [2011-12-30 4889032]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MsDtsServer;SQL Server Integration Services; C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2008-11-25 199520]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 158568]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 39626592]
R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2008-11-25 31648608]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2010-08-19 386344]
R2 SftService;SoftThinks Agent Service; C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-13 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2010/11/10 18:57:30; c:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-26 232944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
S2 SessionLauncher;SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 253088]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-13 27136]
S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2009-06-10 42840]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-10 1045256]
S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe [2011-03-21 13160]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-15 182768]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-11-25 426336]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-07-16 316664]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-13 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-11-13 1255736]
S3 WMSVC;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2009-07-13 10752]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 64352]
-----------------EOF-----------------
INFO.txt
info.txt logfile of random's system information tool 1.09 2012-04-26 12:57:36
======Uninstall list======
-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
-->C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove
64 Bit HP CIO Components Installer-->MsiExec.exe /I{FDD06F32-C9C8-429C-A7B0-915D8A5AD406}
7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe -maintain plugin
Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}
Android SDK Tools-->C:\Program Files (x86)\Android\android-sdk\uninstall.exe
Apple Application Support-->MsiExec.exe /I{A83279FD-CA4B-4206-9535-90974DE76654}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Art Effects for PDR10-->C:\Program Files\CyberLink\PowerDirector10\..\Shared files\Plugin\NewBlue\\UninstallArtEffectsBundleForPDR10.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
BDE_ENT-->MsiExec.exe /I{E966F0CC-76B3-11D3-945B-00C04FB1760A}
Better Homes and Gardens Home Designer Pro 7.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6E613434-312D-4786-B879-8659B0EB0FCA}\setup.exe" -l0x9 -removeonly
C3FaxWSClientAPI 8.0.5.0-->C:\Program Files (x86)\Concord Technologies\C3FaxWSClientAPI\C3FaxWSClientAPIUninst.EXE
Canon MX700 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series /L0x0009
Catalyst Control Center - Branding-->MsiExec.exe /I{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}
CodeSite Express 5.1-->C:\PROGRA~2\Raize\CS5\UNWISE.EXE C:\PROGRA~2\Raize\CS5\CS5_EX~1.LOG
CollabNet Subversion Client 1.6.17-->C:\Program Files (x86)\CollabNet\uninst.exe
CyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PhotoNow-->"C:\Program Files (x86)\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" /z-uninstall
CyberLink PowerDirector 10 Content Pack I-->"C:\Program Files (x86)\InstallShield Installation Information\{9AA216FE-501D-4169-A239-709F67B5B060}\setup.exe" /z-uninstall
CyberLink PowerDirector 10 Content Pack I-->"C:\Program Files (x86)\InstallShield Installation Information\{9AA216FE-501D-4169-A239-709F67B5B060}\setup.exe" /z-uninstall
CyberLink PowerDirector 10 Content Pack II-->"C:\Program Files (x86)\InstallShield Installation Information\{AABB78C0-A435-486A-84E3-17E6684828C2}\setup.exe" /z-uninstall
CyberLink PowerDirector 10 Content Pack II-->"C:\Program Files (x86)\InstallShield Installation Information\{AABB78C0-A435-486A-84E3-17E6684828C2}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDirector 10-->"C:\Program Files (x86)\InstallShield Installation Information\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\setup.exe" /z-uninstall
CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink PowerDVD 9.5-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\setup.exe" /z-uninstall
CyberLink Romance Pack v3-->"C:\Program Files (x86)\InstallShield Installation Information\{D66DE2CC-64DF-402D-B270-33F2A6C67F0C}\Setup.exe" /z-uninstall
CyberLink Romance Pack v3-->"C:\Program Files (x86)\InstallShield Installation Information\{D66DE2CC-64DF-402D-B270-33F2A6C67F0C}\Setup.exe" /z-uninstall
CyberLink WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall
CyberLink WaveEditor-->"C:\Program Files (x86)\InstallShield Installation Information\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\Setup.exe" /z-uninstall
Dell DataSafe Local Backup - Support Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly /z"dsu"
Dell DataSafe Local Backup-->"C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -runfromtemp -l0x9 -removeonly
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Dock-->"C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.exe" REMOVE=TRUE MODIFY=FALSE
Dell Edoc Viewer-->MsiExec.exe /I{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Support Center-->C:\PROGRA~1\DELLSU~1\uninst.exe
Dell Support Center-->MsiExec.exe /X{0090A87C-3E0E-43D4-AA71-A71B06563A4A}
DevJET Documentation Insight Express Edition V2.0.3.251-->"C:\Program Files (x86)\DevJet\unins000.exe"
DirectXInstallService-->MsiExec.exe /X{098122AB-C605-4853-B441-C0A4EB359B75}
Dual-Core Optimizer-->MsiExec.exe /X{9FD6F1A8-5550-46AF-8509-271DF0E768B5}
Duke Nukem Forever-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/57900
Embarcadero Delphi and C++Builder XE2 Help System-->"C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Embarcadero Delphi and C++Builder XE2 Help System-->C:\ProgramData\{671BC913-F5C9-4A39-9F4C-D7522A418F2F}\Setup.exe
Embarcadero ER/Studio v9.0 Developer Edition-->"C:\Program Files (x86)\InstallShield Installation Information\{10386097-AC77-4D10-A63F-D0B854648F25}\setup.exe" -runfromtemp -l0x0009 -removeonly
Embarcadero RAD Studio XE2-->"C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
Embarcadero RAD Studio XE2-->C:\ProgramData\{05500BA0-5731-46FD-9326-FA79A36E6D46}\Setup.exe
EMC 10 Content-->MsiExec.exe /X{FDB46DE7-9045-47BB-970A-3E4ED5369E03}
EMCGadgets64-->MsiExec.exe /I{02AD9D20-03D2-4DE0-8793-E8253026AD86}
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
FinalBuilder 7.0.0.1725 Embarcadero Edition-->"C:\Program Files (x86)\FinalBuilder 7 XE2\unins000.exe"
Forté Agent-->C:\PROGRA~2\Agent\UNWISE.EXE C:\PROGRA~2\Agent\INSTALL.LOG
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GoToAssist Corporate-->C:\Program Files (x86)\Citrix\GoToAssist\615\G2AUninstaller.exe /uninstall
HGTV Ultimate Home Design with Landscaping & Decks-->"C:\Program Files (x86)\InstallShield Installation Information\{0363C7DA-291C-454E-A318-570D4FC0A040}\setup.exe" -runfromtemp -l0x0409 -removeonly
HGTV Ultimate Home Design with Landscaping & Decks-->MsiExec.exe /X{0363C7DA-291C-454E-A318-570D4FC0A040}
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
IntraWeb XII-->"C:\Users\Scottg\AppData\Roaming\IntraWeb XII\unins000.exe"
IP*Works! V8 Delphi Edition-->C:\Program Files (x86)\nsoftware\IPWorks V8 Delphi Edition\uninstall.exe
Java 6 Update 20 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416020FF}
Java 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java 7 Update 1 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417001FF}
Java SE Development Kit 7 Update 1 (64-bit)-->MsiExec.exe /I{64A3A4F4-B792-11D6-A78A-00B0D0170010}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KDImage Editor version 3.3 (Build 57)-->"C:\ProgramData\Kaed\KDImage Editor\3.3\unins000.exe"
KDTele Tools version 4.0 (Build 34).-->"C:\ProgramData\Kaed\KDTele Tools\4.0\unins000.exe"
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Document Explorer 2008-->C:\Program Files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
Microsoft Document Explorer 2008-->MsiExec.exe /X{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}
Microsoft IntelliPoint 8.1-->msiexec.exe /I {3ED4AD02-F631-4A4C-AAC8-2325996E5A56}
Microsoft IntelliPoint 8.1-->MsiExec.exe /X{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}
Microsoft IntelliType Pro 8.1-->msiexec.exe /I {446EE0D9-1F6B-42BF-8278-8D0B172BA15D}
Microsoft IntelliType Pro 8.1-->MsiExec.exe /X{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access database engine 2007 (English)-->MsiExec.exe /I{90120000-00D1-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 (64-bit)-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 (64-bit)-->MsiExec.exe /I{F14F2E25-99AF-42A9-977C-F6D0352DC59F}
Microsoft SQL Server 2005 Analysis Services (64-bit)-->MsiExec.exe /I{54C2B4E9-DD13-4AA4-B09A-A6EF68F9359A}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{62D2F823-0EAA-496D-B0F9-A869BFC51550}
Microsoft SQL Server 2005 Books Online (English)-->MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Integration Services (64-bit)-->MsiExec.exe /I{8A52D844-0DA7-40B0-8602-0567C068C081}
Microsoft SQL Server 2005 Notification Services (64-bit)-->MsiExec.exe /I{EA145881-7452-4004-80B9-971FC3D1D8D8}
Microsoft SQL Server 2005 Tools (64-bit)-->MsiExec.exe /I{FE7C8861-3195-4CA5-98EB-094652478192}
Microsoft SQL Server Native Client-->MsiExec.exe /I{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{18C5A65B-0A39-40B5-B958-63055AFAB65C}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{86177DAE-38B1-49DD-912E-35CB703AB779}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{820B6609-4C97-3A2B-B644-573B06A0F0CC}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual J# 2.0 Redistributable Package-->C:\Windows\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
Mozilla Firefox 11.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
Raize Components 6.0-->C:\PROGRA~2\Raize\RC6\UNWISE.EXE C:\PROGRA~2\Raize\RC6\INSTALL.LOG
Rave Reports 10.0.0 BE-->"C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\RaveReports\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Roxio Activation Module-->MsiExec.exe /I{EC877639-07AB-495C-BFD1-D63AF9140810}
Roxio BackOnTrack-->MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
Roxio Central Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Central Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Central Core-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Central Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Central Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Easy CD and DVD Burning-->C:\ProgramData\Uninstall\{537BF16E-7412-448C-95D8-846E85A1D817}\setup.exe /x {537BF16E-7412-448C-95D8-846E85A1D817}
Roxio Easy CD and DVD Burning-->MsiExec.exe /I{612B5D2E-8084-4102-91DE-24281E4EFB2C}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio File Backup-->MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Sentinel Runtime-->MsiExec.exe /X{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}
Service Pack 3 for SQL Server Analysis Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\OLAP9_KB955706_ENU_64\Hotfix.exe /Uninstall
Service Pack 3 for SQL Server Database Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\SQL9_KB955706_ENU_64\Hotfix.exe /Uninstall
Service Pack 3 for SQL Server Integration Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\DTS9_KB955706_ENU_64\Hotfix.exe /Uninstall
Service Pack 3 for SQL Server Notification Services 2005 (64-bit) ENU (KB955706)-->C:\Windows\NS9_KB955706_ENU_64\Hotfix.exe /Uninstall
Service Pack 3 for SQL Server Tools and Workstation Components 2005 (64-bit) ENU (KB955706)-->C:\Windows\SQLTools9_KB955706_ENU_64\Hotfix.exe /Uninstall
SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE and XE2-->"C:\Windows\Installer\{DC73000A-9FD8-4445-A578-C52209A90522}\Setup\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartBear AQtime 7 Standard for Embarcadero RAD Studio XE and XE2-->MsiExec.exe /I{DC73000A-9FD8-4445-A578-C52209A90522}
SmartSound Quicktracks 5-->"C:\Program Files (x86)\InstallShield Installation Information\{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}\setup.exe" -runfromtemp -l0x0409 -removeonly
SmartSound Quicktracks 5-->MsiExec.exe /I{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
SQLXML4-->MsiExec.exe /I{B358C627-4492-469A-8D0A-FCA1EC769DA9}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
THX TruStudio PC-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{010A785B-F920-4350-821B-6309909C20BB}\setup.exe" -l0x9 /remove
TMS Async32 for Delphi / C++ Builder v1.5.0.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Async32\unins000.exe"
TMS Component Pack for Delphi / C++ Builder v6.3.2.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\unins000.exe"
TMS Component Pack Help Files for Delphi XE2 for VCL-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\Help\Delphi XE2\unins000.exe"
TMS Component Pack Samples-->"C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\Samples\unins000.exe"
TMS Instrumentation Workshop for Delphi / C++ Builder v1.5.0.0-->"C:\Users\Scottg\Documents\tmssoftware\TMS Instrumentation Workshop\unins000.exe"
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
VD64Inst-->MsiExec.exe /I{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{9B48B0AC-C813-4174-9042-476A887592C7}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
======System event log======
Computer Name: DEV
Event Code: 7000
Message: The SessionLauncher service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 4954540
Source Name: Service Control Manager
Time Written: 20120112091820.245263-000
Event Type: Error
User:
Computer Name: DEV
Event Code: 1
Message: Realtek PCIe GBE Family Controller is disconnected from network.
Record Number: 4954489
Source Name: RTL8167
Time Written: 20120112091806.371238-000
Event Type: Warning
User:
Computer Name: DEV
Event Code: 36882
Message: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.
Record Number: 4953538
Source Name: Schannel
Time Written: 20120103204202.749094-000
Event Type: Error
User: DEV\Scottg
Computer Name: DEV
Event Code: 36888
Message: The following fatal alert was generated: 48. The internal error state is 552.
Record Number: 4953537
Source Name: Schannel
Time Written: 20120103204202.749094-000
Event Type: Error
User: DEV\Scottg
Computer Name: DEV
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 4953177
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20111230160136.369941-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
=====Application event log=====
Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: mcepg
Record Number: 908
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005711.000000-000
Event Type: Warning
User:
Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: ehRecObj
Record Number: 907
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005708.000000-000
Event Type: Warning
User:
Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter
Record Number: 906
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005707.000000-000
Event Type: Warning
User:
Computer Name: DEV
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.4952) - Version or flavor did not match with repository: Microsoft.MediaCenter.UI
Record Number: 902
Source Name: .NET Runtime Optimization Service
Time Written: 20101114005628.000000-000
Event Type: Warning
User:
Computer Name: DEV
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3010258393-3416120133-4182077219-1000:
Process 732 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3010258393-3416120133-4182077219-1000
Record Number: 877
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20101114005208.646667-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: DEV
Event Code: 4648
Message: A logon was attempted using explicit credentials.
Subject:
Security ID: S-1-5-18
Account Name: DEV$
Account Domain: S2
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name: Scottg
Account Domain: DEV
Logon GUID: {00000000-0000-0000-0000-000000000000}
Target Server:
Target Server Name: localhost
Additional Information: localhost
Process Information:
Process ID: 0x370
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Network Address: 127.0.0.1
Port: 0
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 1528
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101125020334.511250-000
Event Type: Audit Success
User:
Computer Name: DEV
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000
Account Name: Scottg
Account Domain: DEV
Logon ID: 0x13460f5
Logon Type: 7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1527
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101125013733.312955-000
Event Type: Audit Success
User:
Computer Name: DEV
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000
Account Name: Scottg
Account Domain: DEV
Logon ID: 0x1346103
Logon Type: 7
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 1526
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101125013733.312955-000
Event Type: Audit Success
User:
Computer Name: DEV
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000
Account Name: Scottg
Account Domain: DEV
Logon ID: 0x13460f5
Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 1525
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101125013733.311954-000
Event Type: Audit Success
User:
Computer Name: DEV
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: DEV$
Account Domain: S2
Logon ID: 0x3e7
Logon Type: 7
New Logon:
Security ID: S-1-5-21-3010258393-3416120133-4182077219-1000
Account Name: Scottg
Account Domain: DEV
Logon ID: 0x1346103
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x370
Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: DEV
Source Network Address: 127.0.0.1
Source Port: 0
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 1524
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20101125013733.311954-000
Event Type: Audit Success
User:
======Environment variables======
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"EMC_AUTOPLAY"=c:\Program Files (x86)\Common Files\Roxio Shared\
"FP_NO_HOST_CHECK"=NO
"lib"=C:\Program Files\SQLXML 4.0\bin\
"NUMBER_OF_PROCESSORS"=8
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files (x86)\CollabNet;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin;C:\Users\Public\Documents\RAD Studio\9.0\Bpl;C:\Program Files (x86)\Embarcadero\RAD Studio\9.0\bin64;C:\Users\Public\Documents\RAD Studio\9.0\Bpl\Win64;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared;c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft SQL Server\90\DTS\Binn;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn;C:\Program Files (x86)\Microsoft SQL Server\90\DTS\Binn;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE;C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies;C:\Program Files (x86)\QuickTime\QTSystem;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\DelphiXE2;C:\Users\Scottg\Documents\tmssoftware\TMS Component Pack\bpl;C:\Users\Scottg\Documents\tmssoftware\TMS Async32\bpl;C:\Users\Scottg\Documents\tmssoftware\TMS Async32\DelphiXE2;C:\Users\Scottg\Documents\tmssoftware\TMS Instrumentation Workshop\bpl
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=1a05
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"RoxioCentral"=c:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
-----------------EOF-----------------
Checkup.txt
Results of screen317's Security Check version 0.99.32
Windows 7 x64
(UAC is disabled!)
Internet Explorer 8
Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java 6 Update 29
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
aswMBR.txt
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 13:06:25
-----------------------------
13:06:25.562 OS Version: Windows x64 6.1.7601 Service Pack 1
13:06:25.562 Number of processors: 8 586 0x1A05
13:06:25.562 ComputerName: DEV UserName:
13:06:36.435 Initialize success
13:07:16.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:07:16.289 Disk 0 Vendor: Intel___ 1.0. Size: 953859MB BusType: 8
13:07:16.291 Device \Driver\iaStor -> MajorFunction fffffa800d6865c4
13:07:16.294 Disk 0 MBR read successfully
13:07:16.296 Disk 0 MBR scan
13:07:16.299 Disk 0 Windows VISTA default MBR code
13:07:16.324 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
13:07:16.327 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 11142 MB offset 81920
13:07:16.349 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 942676 MB offset 22900736
13:07:16.407 Disk 0 scanning C:\Windows\system32\drivers
13:07:39.983 Service scanning
13:08:04.549 Modules scanning
13:08:04.558 Scan finished successfully
13:08:27.261 Disk 0 MBR has been saved successfully to "C:\Temp\MBR.dat"
13:08:27.264 The log file has been saved successfully to "C:\Temp\aswMBR.txt"