The ESET online scanner either didn't do a log, or after I clicked on the "uninstall eset" right after the scan it deleted it, even though there is still an ESET folder in the Program Files folder of my hard drive, so I don't know whether it deleted it or if it wasn't created. Also, the online scanner didn't find anything, so it didn't clean anything.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ines at 2010-01-23 13:09:47
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 72 GB (68%) free of 106 GB
Total RAM: 2046 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:53 PM, on 1/23/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal
Running processes:
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Ines\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ines.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\APSHook.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 6319 bytes
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleForInes.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-21 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-06-09 7539232]
"CognizanceTS"=c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-22 17920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-10-26 1458176]
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2006-11-07 44128]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"Vidalia"=C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-03-12 50696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-03-20 1773568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2007-02-12 174872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2007-04-23 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-10-26 1458176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2009-02-27 542096]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\System32\APSHook.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-01-23 13:09:47 ----D---- C:\rsit
2010-01-23 09:47:33 ----D---- C:\Program Files\ESET
2010-01-22 10:19:11 ----A---- C:\Windows\system32\mshtml.dll
2010-01-22 10:19:10 ----A---- C:\Windows\system32\ieframe.dll
2010-01-22 10:19:08 ----A---- C:\Windows\system32\urlmon.dll
2010-01-22 10:19:08 ----A---- C:\Windows\system32\iertutil.dll
2010-01-22 10:19:07 ----A---- C:\Windows\system32\wininet.dll
2010-01-22 10:19:07 ----A---- C:\Windows\system32\occache.dll
2010-01-22 10:19:07 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-22 10:19:07 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-22 10:19:06 ----A---- C:\Windows\system32\ieui.dll
2010-01-22 10:19:06 ----A---- C:\Windows\system32\iepeers.dll
2010-01-22 10:19:05 ----A---- C:\Windows\system32\msfeedssync.exe
2010-01-22 10:19:05 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-01-22 10:19:05 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-22 10:19:05 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-22 10:19:05 ----A---- C:\Windows\system32\iesysprep.dll
2010-01-22 10:19:05 ----A---- C:\Windows\system32\iesetup.dll
2010-01-22 10:19:05 ----A---- C:\Windows\system32\iernonce.dll
2010-01-22 10:19:05 ----A---- C:\Windows\system32\ie4uinit.exe
2010-01-21 23:04:31 ----D---- C:\Program Files\Microsoft Security Essentials
2010-01-21 13:53:02 ----D---- C:\ProgramData\Sun
2010-01-21 13:52:55 ----D---- C:\Program Files\Sun
2010-01-21 13:52:47 ----A---- C:\Windows\system32\deploytk.dll
2010-01-21 13:51:46 ----D---- C:\Program Files\Java
2010-01-21 10:07:19 ----D---- C:\Program Files\VS Revo Group
2010-01-21 09:30:55 ----D---- C:\Windows\temp
2010-01-21 09:30:53 ----A---- C:\ComboFix.txt
2010-01-21 09:30:30 ----SHD---- C:\$RECYCLE.BIN
2010-01-21 09:22:02 ----A---- C:\Windows\SWXCACLS.exe
2010-01-21 09:22:00 ----D---- C:\32788R22FWJFW
2010-01-21 09:21:05 ----D---- C:\a
2010-01-18 10:29:47 ----D---- C:\Program Files\Windows Portable Devices
2010-01-18 10:22:54 ----DC---- C:\Windows\system32\DRVSTORE
2010-01-18 10:22:29 ----D---- C:\Program Files\Microsoft Sync Framework
2010-01-18 10:21:03 ----A---- C:\Windows\system32\d3dx9_32.dll
2010-01-18 10:20:56 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-01-18 10:20:31 ----D---- C:\Program Files\Windows Live SkyDrive
2010-01-18 10:20:20 ----D---- C:\Program Files\Windows Live
2010-01-18 08:10:06 ----D---- C:\Program Files\Common Files\Windows Live
2010-01-18 08:09:34 ----A---- C:\Windows\system32\UIAnimation.dll
2010-01-18 08:09:33 ----A---- C:\Windows\system32\UIRibbonRes.dll
2010-01-18 08:09:33 ----A---- C:\Windows\system32\UIRibbon.dll
2010-01-18 08:09:08 ----A---- C:\Windows\system32\WMPhoto.dll
2010-01-18 08:09:07 ----A---- C:\Windows\system32\cdd.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\XpsRasterService.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\WindowsCodecs.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2010-01-18 08:09:06 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\dxdiagn.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\dxdiag.exe
2010-01-18 08:09:06 ----A---- C:\Windows\system32\d3d10warp.dll
2010-01-18 08:09:06 ----A---- C:\Windows\system32\d2d1.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\xpsservices.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\XpsPrint.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\OpcServices.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\FntCache.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\dxgi.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\DWrite.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\d3d11.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\d3d10level9.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\d3d10core.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\d3d10_1core.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\d3d10_1.dll
2010-01-18 08:09:05 ----A---- C:\Windows\system32\d3d10.dll
2010-01-18 08:08:41 ----A---- C:\Windows\system32\WPDShextAutoplay.exe
2010-01-18 08:08:41 ----A---- C:\Windows\system32\wpdbusenum.dll
2010-01-18 08:08:41 ----A---- C:\Windows\system32\BthMtpContextHandler.dll
2010-01-18 08:08:39 ----A---- C:\Windows\system32\PortableDeviceConnectApi.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\WPDSp.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\WPDShServiceObj.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\wpdshext.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\wpd_ci.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\PortableDeviceWMDRM.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\PortableDeviceTypes.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\PortableDeviceClassExtension.dll
2010-01-18 08:08:37 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2010-01-18 08:07:49 ----A---- C:\Windows\system32\oleaccrc.dll
2010-01-18 08:07:48 ----A---- C:\Windows\system32\UIAutomationCore.dll
2010-01-18 08:07:48 ----A---- C:\Windows\system32\oleacc.dll
2010-01-18 08:05:56 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-18 08:05:38 ----D---- C:\Program Files\Microsoft
2010-01-18 08:04:36 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-01-18 08:04:35 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-01-18 08:03:17 ----A---- C:\Windows\system32\wmp.dll
2010-01-18 08:03:14 ----A---- C:\Windows\system32\unregmp2.exe
2010-01-18 08:03:12 ----A---- C:\Windows\system32\wmploc.DLL
2010-01-17 07:21:05 ----D---- C:\Users\Ines\AppData\Roaming\IObit
2010-01-17 07:21:03 ----D---- C:\Program Files\IObit
2010-01-16 07:41:36 ----D---- C:\Users\Ines\AppData\Roaming\gtk-2.0
2010-01-16 07:30:40 ----D---- C:\Program Files\GIMP-2.0
2010-01-12 15:48:48 ----A---- C:\Windows\system32\t2embed.dll
2010-01-12 15:48:48 ----A---- C:\Windows\system32\fontsub.dll
2010-01-11 19:00:44 ----D---- C:\Program Files\CCleaner
2010-01-11 06:42:56 ----D---- C:\Windows\Minidump
2010-01-11 03:30:47 ----A---- C:\ProgramData\sysReserve.ini
2010-01-06 13:15:04 ----D---- C:\Program Files\Alex Feinman
2010-01-03 01:06:53 ----D---- C:\Windows\system32\Adobe
2010-01-03 00:59:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-01-03 00:58:39 ----D---- C:\ProgramData\NOS
======List of files/folders modified in the last 1 months======
2010-01-23 13:09:53 ----D---- C:\Windows\Prefetch
2010-01-23 09:47:35 ----SD---- C:\Windows\Downloaded Program Files
2010-01-23 09:47:33 ----RD---- C:\Program Files
2010-01-23 09:30:18 ----D---- C:\Windows\SMINST
2010-01-23 09:30:05 ----D---- C:\Windows\Registration
2010-01-23 09:29:06 ----D---- C:\Windows\system32\migration
2010-01-23 09:29:06 ----D---- C:\Windows\System32
2010-01-23 09:29:06 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:31:10 ----D---- C:\Windows\winsxs
2010-01-22 11:09:26 ----D---- C:\WINDOWS
2010-01-22 10:17:57 ----D---- C:\Windows\system32\catroot
2010-01-22 10:14:54 ----D---- C:\Windows\system32\WDI
2010-01-21 23:04:40 ----SHD---- C:\Windows\Installer
2010-01-21 23:04:37 ----D---- C:\Windows\system32\drivers
2010-01-21 23:04:37 ----D---- C:\Windows\system32\catroot2
2010-01-21 23:04:36 ----SD---- C:\ProgramData\Microsoft
2010-01-21 22:45:17 ----D---- C:\Windows\system32\Tasks
2010-01-21 22:44:44 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 22:37:02 ----D---- C:\ProgramData
2010-01-21 22:31:34 ----D---- C:\Program Files\Yahoo!
2010-01-21 22:29:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-21 13:53:20 ----D---- C:\Program Files\Common Files\Java
2010-01-21 13:52:38 ----A---- C:\Windows\system32\javaws.exe
2010-01-21 13:52:38 ----A---- C:\Windows\system32\javaw.exe
2010-01-21 13:52:38 ----A---- C:\Windows\system32\java.exe
2010-01-21 12:10:21 ----D---- C:\Windows\ERDNT
2010-01-21 09:30:55 ----D---- C:\Qoobox
2010-01-21 09:29:29 ----A---- C:\Windows\system.ini
2010-01-21 09:26:48 ----D---- C:\Windows\AppPatch
2010-01-21 09:26:47 ----D---- C:\Program Files\Common Files
2010-01-20 22:31:24 ----D---- C:\Windows\Tasks
2010-01-20 11:43:22 ----SD---- C:\Users\Ines\AppData\Roaming\Microsoft
2010-01-18 12:22:35 ----D---- C:\Windows\Microsoft.NET
2010-01-18 12:22:34 ----RSD---- C:\Windows\assembly
2010-01-18 10:48:04 ----D---- C:\Windows\rescache
2010-01-18 10:38:27 ----D---- C:\Windows\inf
2010-01-18 10:38:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-18 10:29:48 ----D---- C:\Windows\system32\en-US
2010-01-18 10:29:47 ----D---- C:\Windows\system32\wbem
2010-01-18 10:29:45 ----D---- C:\Windows\system32\zh-TW
2010-01-18 10:29:45 ----D---- C:\Windows\system32\zh-HK
2010-01-18 10:29:45 ----D---- C:\Windows\system32\zh-CN
2010-01-18 10:29:45 ----D---- C:\Windows\system32\uk-UA
2010-01-18 10:29:45 ----D---- C:\Windows\system32\tr-TR
2010-01-18 10:29:45 ----D---- C:\Windows\system32\th-TH
2010-01-18 10:29:45 ----D---- C:\Windows\system32\sv-SE
2010-01-18 10:29:45 ----D---- C:\Windows\system32\sr-Latn-CS
2010-01-18 10:29:45 ----D---- C:\Windows\system32\sl-SI
2010-01-18 10:29:45 ----D---- C:\Windows\system32\sk-SK
2010-01-18 10:29:45 ----D---- C:\Windows\system32\ru-RU
2010-01-18 10:29:45 ----D---- C:\Windows\system32\ro-RO
2010-01-18 10:29:45 ----D---- C:\Windows\system32\pt-PT
2010-01-18 10:29:45 ----D---- C:\Windows\system32\pt-BR
2010-01-18 10:29:45 ----D---- C:\Windows\system32\pl-PL
2010-01-18 10:29:45 ----D---- C:\Windows\system32\nl-NL
2010-01-18 10:29:45 ----D---- C:\Windows\system32\nb-NO
2010-01-18 10:29:45 ----D---- C:\Windows\system32\lv-LV
2010-01-18 10:29:45 ----D---- C:\Windows\system32\lt-LT
2010-01-18 10:29:45 ----D---- C:\Windows\system32\ko-KR
2010-01-18 10:29:45 ----D---- C:\Windows\system32\ja-JP
2010-01-18 10:29:45 ----D---- C:\Windows\system32\it-IT
2010-01-18 10:29:45 ----D---- C:\Windows\system32\hu-HU
2010-01-18 10:29:45 ----D---- C:\Windows\system32\hr-HR
2010-01-18 10:29:45 ----D---- C:\Windows\system32\he-IL
2010-01-18 10:29:45 ----D---- C:\Windows\system32\fr-FR
2010-01-18 10:29:45 ----D---- C:\Windows\system32\fi-FI
2010-01-18 10:29:45 ----D---- C:\Windows\system32\et-EE
2010-01-18 10:29:45 ----D---- C:\Windows\system32\es-ES
2010-01-18 10:29:45 ----D---- C:\Windows\system32\el-GR
2010-01-18 10:29:45 ----D---- C:\Windows\system32\de-DE
2010-01-18 10:29:45 ----D---- C:\Windows\system32\da-DK
2010-01-18 10:29:45 ----D---- C:\Windows\system32\cs-CZ
2010-01-18 10:29:45 ----D---- C:\Windows\system32\bg-BG
2010-01-18 10:29:45 ----D---- C:\Windows\system32\ar-SA
2010-01-18 10:29:44 ----D---- C:\Windows\ehome
2010-01-18 10:29:43 ----D---- C:\Program Files\Windows Mail
2010-01-18 10:29:42 ----D---- C:\Program Files\Windows Media Player
2010-01-18 10:19:16 ----D---- C:\Program Files\Common Files\microsoft shared
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-14 00:16:35 ----D---- C:\ProgramData\WildTangent
2010-01-13 15:08:22 ----D---- C:\Windows\Debug
2010-01-08 08:25:49 ----D---- C:\ProgramData\Adobe
2010-01-04 19:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-03 01:00:42 ----D---- C:\Program Files\Common Files\Adobe
2010-01-03 01:00:31 ----D---- C:\Program Files\Adobe
2010-01-03 00:59:16 ----D---- C:\Users\Ines\AppData\Roaming\Adobe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-06-09 2366752]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-19 18432]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-09-02 176128]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-10 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 1095936]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 catchme;catchme; \??\C:\Users\Ines\AppData\Local\Temp\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-02 163328]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 2216448]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-19 7680]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [2007-04-23 262243]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [2007-04-23 106593]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-02-12 355096]
R2 MsMpSvc;@C:\Program Files\Microsoft Security Essentials\MpAsDesc.dll,-241; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-02-12 880640]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-02-17 74656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 HP Health Check Service;HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-03-14 62984]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-01-23 13:09:57
======Uninstall list======
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Fury\Uninstall.exe"
-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Lemonade Tycoon 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Phoenix Assault\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Puzzle Express\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowboard SuperJam\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants Krabby Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
Bejeweled 2 Deluxe 1.0-->C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled 2 Deluxe\Install.log"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESU for Microsoft Vista-->MsiExec.exe /X{1517A7CB-5F00-4A88-8F06-E89B6DB63784}
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{290B83AA-093A-45BF-A917-D1C4A1E8D917}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{9061CEF2-51F5-42C9-8A70-9ED351C6597A}
HP Photosmart Essential 2.0-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.20 B1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
HP Total Care Advisor-->MsiExec.exe /X{F6B29003-A078-4491-AFBE-62EFB6CFFE19}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP User Guides 0056-->MsiExec.exe /I{5AB56552-6938-4686-9F87-DB0ED8D1E06B}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
Intel Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
ISO Recorder-->MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
Java DB 10.5.3.0-->MsiExec.exe /X{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) SE Development Kit 6 Update 18-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160180}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Libronix Digital Library System-->C:\Program Files\Libronix DLS\System\Unsetup.exe
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co85.dll,SM56UnInstaller
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSCU for Microsoft Vista-->MsiExec.exe /X{3FFB3B34-D639-4384-9AE9-DDE58430D86F}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{0BFC200F-C45D-4271-AF34-4CA969225DEB}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Revo Uninstaller Pro 2.0.5-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VeriSoft Access Manager-->rundll32.exe "c:\Program Files\Bioscrypt\VeriSoft\Bin\SetupHelper.dll",ExecMain /Uninstall {0ABA40AF-288D-41F1-B735-C5155692CD7D}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
=====HijackThis Backups=====
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing) [2010-01-21]
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll (file missing) [2010-01-21]
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: Ines-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 251740
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20091112012308.558286-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ines-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013E848AEE3. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 249872
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091112005230.000000-000
Event Type: Warning
User:
Computer Name: Ines-PC
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\DR2 during a paging operation.
Record Number: 238045
Source Name: disk
Time Written: 20091111213636.224886-000
Event Type: Warning
User:
Computer Name: Ines-PC
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0013E848AEE3. The following error occurred:
The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Record Number: 233582
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091111202215.000000-000
Event Type: Warning
User:
Computer Name: Ines-PC
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
Record Number: 229757
Source Name: Microsoft-Windows-Time-Service
Time Written: 20091111191832.000000-000
Event Type: Warning
User:
=====Application event log=====
Computer Name: Ines-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3306987689-1346429272-3060805736-1000_Classes:
Process 1004 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306987689-1346429272-3060805736-1000_CLASSES
Record Number: 151
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090110203118.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ines-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3306987689-1346429272-3060805736-1000:
Process 1004 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306987689-1346429272-3060805736-1000
Record Number: 150
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090110203117.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ines-PC
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {35a62db9-7dc6-49ba-9a1e-a5e955a638b5}
Record Number: 91
Source Name: VSS
Time Written: 20090110013821.000000-000
Event Type: Error
User:
Computer Name: Ines-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3306987689-1346429272-3060805736-1000_Classes:
Process 1716 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306987689-1346429272-3060805736-1000_CLASSES
Record Number: 43
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090110012058.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Ines-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.
DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-3306987689-1346429272-3060805736-1000:
Process 620 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-3306987689-1346429272-3060805736-1000
Process 1716 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3306987689-1346429272-3060805736-1000
Record Number: 42
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090110012057.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: Ines-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110001545.514400-000
Event Type: Audit Failure
User:
Computer Name: Ines-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110001545.514400-000
Event Type: Audit Failure
User:
Computer Name: Ines-PC
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x32732a
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110000932.643400-000
Event Type: Audit Success
User:
Computer Name: Ines-PC
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x32732a
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: LH-DU82NNIPZWOS
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090110000921.112400-000
Event Type: Audit Success
User:
Computer Name: Ines-PC
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-3306987689-1346429272-3060805736-1000
Account Name: Ines
Domain Name: Ines-PC
Logon ID: 0x8d694
Record Number: 1
Source Name: Microsoft-Windows-Eventlog
Time Written: 20090110000652.935000-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;c:\Program Files\Bioscrypt\VeriSoft\bin;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"USERPART"=F:
-----------------EOF-----------------