iexplore.exe virus - can't remove it

Hewlett-packard Pavilion dv8t entertainm...
December 11, 2009 at 11:38:55
Specs: Microsoft Windows XP Pro, 1.73 GHZ
Hello -

I have a problem where iexplore.exe keeps running in my processes without my approval. I had a previous problem with some incarnation of antivirus live / 2009 and was able to stop / slow it with malwarebytes - however it did not get rid of this iexplore.exe problem.

It occasionally pops up commercials / audio ads that are super annoying too.

Please help!


See More: iexplore.exe virus - cant remove it

Report •

#1
December 11, 2009 at 20:06:30
Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized. Both logs will be located at C:\RSIT.exe.

Please post the contents of both logs (in separate post) in your next reply. It may take 3 to 4 post to get the entire log to us.

Download Gmer.exe from the following link.

Link1

1. Disconnect from the Internet and close all running programs.
2. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
3. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
4. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
5. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
6. If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
7. Now click the Scan button. If you see a rootkit warning window, click OK.
8. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
9. Click the Copy button and paste the results into your next reply.
•Exit GMER and re-enable all active protection when done.


Report •

#2
December 25, 2009 at 10:07:23
Try this program http://www.simplysup.com/tremover/i...

Is the only 1 that worked for me and removed the iexplore.exe virus


Report •

#3
December 25, 2009 at 11:59:25
I agree with response 2, many times it will save you lots of other scans if you nip it in the bud immediately...Trojan Remover is a great prog to start with.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


Report •

Related Solutions

#4
March 6, 2010 at 05:36:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:15 AM, on 3/6/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Users\Richard\Documents\Photo's\Richard.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3620216743-4117080759-1568147514-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'RA Media Server')
O4 - S-1-5-21-3620216743-4117080759-1568147514-1001 User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} (20-20 3D Viewer) - https://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls...
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Windows\sminst\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10270 bytes


Report •

#5
March 6, 2010 at 05:37:12
Logfile of random's system information tool 1.06 (written by random/random)
Run by Richard at 2010-03-06 08:29:53
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 465 GB (78%) free of 595 GB
Total RAM: 6108 MB (72% free)


======Scheduled tasks folder======

C:\Windows\tasks\RtlNICDiagVistaStart.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2008-12-08 1067352]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Dell DataSafe Online"=C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [2009-07-07 1779952]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2009-02-04 128232]
"DellSupportCenter"=C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]
"SunJavaUpdateSched"=c:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe

C:\Users\Richard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dell Dock.lnk - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
LaunchU3.exe.lnk - C:\Users\Richard\AppData\Roaming\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe
LimeWire On Startup.lnk - C:\Program Files (x86)\LimeWire\LimeWire.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\GoToAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7510d77c-56dd-11de-97f9-0021705cce12}]
shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b6a52519-07f7-11df-9720-0021705cce12}]
shell\AutoRun\command - K:\launcher.exe


======File associations======

.exe - open - "C:\Users\Richard\AppData\Local\av.exe" /START "%1" %*
.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-06 08:29:53 ----D---- C:\rsit
2010-03-06 08:29:53 ----D---- C:\Program Files (x86)\trend micro
2010-02-23 17:25:21 ----A---- C:\Windows\system32\jscript.dll
2010-02-23 17:24:47 ----A---- C:\Windows\system32\tzres.dll
2010-02-23 17:23:52 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-23 17:23:52 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-23 17:23:51 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-23 17:23:51 ----A---- C:\Windows\system32\secproc.dll
2010-02-23 17:23:51 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-23 17:23:51 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-23 17:23:50 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-23 17:23:50 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-23 17:23:50 ----A---- C:\Windows\system32\msdrm.dll
2010-02-10 07:39:37 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\avifil32.dll
2010-02-10 07:39:36 ----A---- C:\Windows\system32\avicap32.dll

======List of files/folders modified in the last 1 months======

2010-03-06 08:29:55 ----D---- C:\Windows\Temp
2010-03-06 08:29:54 ----D---- C:\Windows\Prefetch
2010-03-06 08:29:53 ----RD---- C:\Program Files (x86)
2010-03-05 21:41:28 ----SHD---- C:\System Volume Information
2010-03-05 18:14:06 ----D---- C:\Windows\System32
2010-03-05 17:49:30 ----D---- C:\ProgramData\Microsoft
2010-03-05 17:49:11 ----SD---- C:\Users\Richard\AppData\Roaming\Microsoft
2010-03-05 17:39:30 ----AD---- C:\ProgramData\TEMP
2010-03-05 17:39:01 ----D---- C:\Windows
2010-03-05 17:38:16 ----SHD---- C:\Windows\Installer
2010-03-05 17:38:16 ----D---- C:\Windows\Tasks
2010-03-05 17:38:16 ----D---- C:\Windows\sminst
2010-03-05 17:38:16 ----D---- C:\Windows\inf
2010-03-05 17:38:16 ----D---- C:\Program Files (x86)\Microsoft Works
2010-03-05 17:38:15 ----D---- C:\Windows\registration
2010-03-05 12:20:58 ----D---- C:\Users\Richard\AppData\Roaming\LimeWire
2010-02-24 03:36:17 ----D---- C:\Windows\rescache
2010-02-24 03:17:01 ----D---- C:\Windows\SysWOW64
2010-02-24 03:17:01 ----D---- C:\Windows\system32\en-US
2010-02-24 03:17:00 ----RSD---- C:\Windows\Fonts
2010-02-24 03:01:45 ----D---- C:\Windows\winsxs
2010-02-14 13:51:51 ----A---- C:\Users\Richard\AppData\Roaming\DataSafeDotNet.exe
2010-02-11 03:19:54 ----D---- C:\Program Files (x86)\Windows Mail

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx64;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\BHDrvx64.sys []
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NISx64\1008000.029\ccHPx64.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2009-08-26 475696]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100224.002\IDSvia64.sys [2009-10-28 466992]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1008000.029\SRTSPX64.SYS []
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys []
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMTDI.SYS []
R2 Packet;Auto Internet Protocol; C:\Windows\system32\DRIVERS\packet.sys []
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys []
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys []
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys []
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 132656]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100305.039\ENG64.SYS [2010-02-03 116272]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100305.039\EX64.SYS [2010-02-03 1742896]
R3 PCD5SRVC{048DBD20-445E8C82-05040104};PCD5SRVC{048DBD20-445E8C82-05040104} - PCDR Kernel Mode Service Helper Driver; \??\C:\PROGRA~2\DELLSU~1\HWDiag\bin\PCD5SRVC_x64.pkms [2008-11-04 28152]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1008000.029\SRTSP64.SYS []
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMFW.SYS []
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NISx64\1008000.029\SYMNDISV.SYS []
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 SYMDNS;SYMDNS; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMDNS.SYS []
S3 SYMREDRV;SYMREDRV; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SYMREDRV.SYS []
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSr64.exe []
R2 Apache2.2;Remote Access Media Server; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [2007-09-21 15872]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 dsl-db;Remote Access DB; C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe [2007-09-14 5730304]
R2 dsl-fs-sync;Remote Access File Sync Service; C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe [2009-01-05 173296]
R2 hnmsvc;Advanced Networking Service; c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe [2009-01-05 824560]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SftService;SoftThinks Agent Service; C:\Windows\sminst\sftservice.EXE [2009-02-23 632048]
R2 sprtsvc_DellSupportCenter;SupportSoft Sprocket Service (DellSupportCenter); C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe [2008-12-16 206064]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [2008-11-03 242424]
S3 GoToAssist;GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe [2009-06-06 16680]
S3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-27 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]

-----------------EOF-----------------


Report •

#6
March 6, 2010 at 05:37:36
info.txt logfile of random's system information tool 1.06 2010-03-06 08:30:25

======Uninstall list======

-->"C:\Program Files (x86)\WildTangent\Dell Games\Amazing Adventures Around the World\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 3\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Chicken Invaders 3 - Revenge of the Yolk\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Dora's Carnival Adventure\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Farm Frenzy\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Farm Mania\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\FATE Undiscovered Realms\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Flip Words\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\My Tribe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Poker Superstars III\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Super Granny\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Wheel of Fortune 2\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\World of Goo\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Zuma Deluxe\Uninstall.exe"
-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Acrobat.com-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
Coupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"
Dell DataSafe Local Backup - Support Software-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}\setup.exe" -l0x9 -removeonly
Dell DataSafe Local Backup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\setup.exe" -l0x9 -removeonly
Dell DataSafe Online-->MsiExec.exe /X{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Remote Access-->MsiExec.exe /I{F66A31D9-7831-4FBA-BA02-C411C0047CC5}
Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
Dell Video Chat-->C:\Program Files (x86)\Dell Video Chat\uninst.exe
DELL0703-->MsiExec.exe /I{053C30EA-D4C6-47A0-8537-8D231D9BE873}
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
GoToAssist 8.0.0.514-->C:\Program Files (x86)\Citrix\GoToAssist\514\G2AUninstaller.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
iPod for Windows 2005-09-06-->C:\Program Files (x86)\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2E4E8905-5F24-4AEA-84E2-923CC12E3AB1} /l1033
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Junk Mail filter update-->MsiExec.exe /I{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}
LimeWire 5.2.13-->"C:\Program Files (x86)\LimeWire\uninstall.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\8BACC656\16.8.0.41\InstStub.exe /X
Notepad++-->C:\Program Files (x86)\Notepad++\uninstall.exe
PowerDVD DX-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek Ethernet Network Card Diagnostic tool for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m -nrg2709
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
U3Launcher-->MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Verizon High Speed Internet-->"C:\Windows\DSL\unins000.exe"
WildTangent Games-->"C:\Program Files (x86)\WildTangent\Dell Games\Uninstall.exe"
Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Photo Gallery-->MsiExec.exe /X{F73A5B18-EB75-4B2C-B32D-9457576E2417}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}
Windows Live Toolbar-->MsiExec.exe /X{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 72565
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100306124444.000000-000
Event Type: Warning
User:

Computer Name: home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 72566
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100306125457.000000-000
Event Type: Warning
User:

Computer Name: home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 72567
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100306130509.000000-000
Event Type: Warning
User:

Computer Name: home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 72568
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100306131513.000000-000
Event Type: Warning
User:

Computer Name: home-PC
Event Code: 4
Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.
Record Number: 72569
Source Name: Microsoft-Windows-SpoolerWin32SPL
Time Written: 20100306132523.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: home-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 4433
Source Name: Microsoft-Windows-WMI
Time Written: 20100305172404.000000-000
Event Type: Error
User:

Computer Name: home-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module Multimedia.api, version 9.0.0.332, time stamp 0x4850e5c7, exception code 0xc0000005, fault offset 0x00042d1c, process id 0x15d8, application start time 0x01cabcb066fd6160.
Record Number: 4441
Source Name: Application Error
Time Written: 20100305220859.000000-000
Event Type: Error
User:

Computer Name: home-PC
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18882, time stamp 0x4b3ed243, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xdbc3680c, process id 0x15a4, application start time 0x01cabcb078693820.
Record Number: 4443
Source Name: Application Error
Time Written: 20100305220907.000000-000
Event Type: Error
User:

Computer Name: home-PC
Event Code: 100
Message: Changed limits: max_open_files: 2048 max_connections: 100 table_cache: 969

For more information, see Help and Support Center at http://www.mysql.com.
Record Number: 4466
Source Name: MySQL
Time Written: 20100305223920.000000-000
Event Type: Warning
User:

Computer Name: home-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 4479
Source Name: Microsoft-Windows-WMI
Time Written: 20100305224046.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: home-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: HOME-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-3620216743-4117080759-1568147514-1000
Account Name: Richard
Account Domain: home-PC
Logon ID: 0x146f364
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: HOME-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13311
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100306124237.704000-000
Event Type: Audit Success
User:

Computer Name: home-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: HOME-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 7

New Logon:
Security ID: S-1-5-21-3620216743-4117080759-1568147514-1000
Account Name: Richard
Account Domain: home-PC
Logon ID: 0x146f40a
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: HOME-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13312
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100306124237.704000-000
Event Type: Audit Success
User:

Computer Name: home-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-3620216743-4117080759-1568147514-1000
Account Name: Richard
Account Domain: home-PC
Logon ID: 0x146f364

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 13313
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100306124237.704000-000
Event Type: Audit Success
User:

Computer Name: home-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-3620216743-4117080759-1568147514-1000
Account Name: Richard
Account Domain: home-PC
Logon ID: 0x146f40a

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 13314
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100306124238.655600-000
Event Type: Audit Success
User:

Computer Name: home-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-3620216743-4117080759-1568147514-1000
Account Name: Richard
Account Domain: home-PC
Logon ID: 0x146f364

Logon Type: 7

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 13315
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100306124238.671200-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Report •

Ask Question