
Vista Ultimate 64 Hangs after logging in


  • This topic is locked
2 replies to this topic

#1 Frank Vasquez


Posted 15 May 2009 - 10:25 PM

Weird things started today. My machine locked up, and upon reboot, Vista Ultimate 64 seems to stop at a certain point while populating the System Tray after Logging In. I can boot in Safe Mode with Networking, but something prevents a Normal Startup.

I did a MBAM Full Scan and Windows Defender scan with no "infections". Are they missing something? I ran a RSIT/HJT scan in Safe Mode, and here are the logfiles - please help!

info.txt logfile of random's system information tool 1.06 2009-05-16 01:16:59

======Uninstall list======

-->"C:\Program Files (x86)\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe" /remove /l0x0009
-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files (x86)\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A01623A-4502-478E-9074-1DFD1DAB78EB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{AAEF329E-F353-46C9-933D-24A571986093}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DCCC08BD-FC52-4AEB-ACF8-6A5C06550468}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
3DMark Vantage-->C:\Program Files (x86)\InstallShield Installation Information\{C40C3C3D-97CF-44B5-836C-766E374464B3}\setup.exe -runfromtemp -l0x0009 -removeonly
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->C:\Windows\system32\Adobe\uninstaller.exe
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
AI Direct Link-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C312984C-E386-4C2D-B33E-7B54355FB16E}\Setup.exe" -l0x9
AI Suite-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
AntiCrash 3.6.1-->"C:\Program Files (x86)\Dachshund Software\AntiCrash\Uninstall.exe" "C:\Program Files (x86)\Dachshund Software\AntiCrash\install.log"
AnyDVD-->"C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files (x86)\SlySoft\AnyDVD"
ASUSUpdate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
Battlecraft 1942-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlecraft 1942\irunin.ini"
Battlecraft Vietnam-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlecraft Vietnam\irunin.ini"
Battlefield 1942: Secret Weapons of WWII-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}\setup.exe" -l0x9
Battlefield 1942: The Road To Rome-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}\setup.exe" -l0x9
Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\Setup.exe" -l0x9
Battlefield Mod Development Toolkit 2.0 Beta-->C:\Windows\iun6002.exe "C:\Program Files\EA GAMES\Battlefield Mod Development Toolkit\MDT.ini"
Battlefield Vietnam™-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E35B3C63-E958-4E31-A178-95D22024109A}\setup.exe" -l0x9
Battlefield Vietnam: WW2 Mod-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F989306B-9287-444F-AE73-E30C7E4AF0F5}\setup.exe" -l0x9
Battleforge Demo-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/24770
Bioshock-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7670
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{7CB1E63B-C999-4D17-8133-E138F41D9ECF}
Call of Duty® 4 - Modern Warfare™ 1.2 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{E5141379-B2D9-4BBC-BB2A-5805541571DD}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.3 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.6 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™ 1.7 Patch-->C:\Program Files (x86)\InstallShield Installation Information\{931C37FC-594D-43A9-B10F-A2F2B1F03498}\setup.exe -runfromtemp -l0x0409
Call of Duty® 4 - Modern Warfare™-->C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files (x86)\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files (x86)\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel MediaOne-->MsiExec.exe /I{A062A15F-9CAC-4B88-98DF-87628A0BD721}
Creative ALchemy (X-Fi MB Edition)-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A01623A-4502-478E-9074-1DFD1DAB78EB}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe" -l0x9 /remove
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Defraggler (remove only)-->"C:\Program Files (x86)\Defraggler\uninst.exe"
DesertCombat 0.7-->C:\Windows\iun6002.exe "C:\Program Files (x86)\EA GAMES\Battlefield 1942\DesertCombat.ini"
Driver Sweeper 1.5.5-->"C:\Program Files (x86)\Driver Sweeper\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files (x86)\DVD Shrink\unins000.exe"
Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Forgotten Honor-->"C:\Program Files (x86)\EA GAMES\Battlefield 1942\Mods\fhtmod\unins000.exe"
Forgotten Hope 0.70-->C:\Program Files (x86)\EA GAMES\Battlefield 1942\Mods\FH\uninst.exe
Foxit Reader-->C:\Program Files (x86)\Foxit Software\Foxit Reader\Uninstall.exe
FriendFinder Messenger v4.1-->MsiExec.exe /I{EA5A0CD7-C894-4FA8-88A5-0887E8257E4A}
FrostWire 4.17.2-->C:\Program Files (x86)\FrostWire\Uninstall.exe
Futuremark SystemInfo-->C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe -runfromtemp -l0x0009 -removeonly
Hare 1.5.1-->"C:\Program Files (x86)\Dachshund Software\Hare\Uninstall.exe" "C:\Program Files (x86)\Dachshund Software\Hare\install.log"
HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
HydraVision-->MsiExec.exe /X{7C7E30E3-1027-92C4-72BD-E3A44DA7FFDE}
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMB36X Raid Configurer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
LightScribe System Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exe
Marvell Network Configuration Utility-->MsiExec.exe /X{7A351AAA-E651-41B1-89B6-972A676FF78B}
McAfee VirusScan Enterprise-->MsiExec.exe /X{35C03C04-3F1F-42C2-A989-A757EE691F65}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpaceIM-->C:\Program Files (x86)\MySpace\IM\Uninstall.exe
Nero 8-->MsiExec.exe /X{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NGists G15/TeamSpeak Display-->MsiExec.exe /X{07C903D3-2996-4683-9B49-7839207148CA}
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
PC Probe II-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PunkBuster for Battlefield 1942-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{127B684B-A002-44C8-99A7-6CF8F1E26873}\setup.exe" -l0x9
PunkBuster for Battlefield Vietnam-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}\setup.exe" -l0x9
RealPlayer-->C:\Program Files (x86)\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Media Manager-->MsiExec.exe /X{F6377647-81AF-41C0-BC7E-06CF37E204AB}
Shellshock 2-->C:\Program Files (x86)\Eidos\Shellshock 2\uninstall.exe
Sound Blaster X-Fi MB-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\setup.exe" -l0x9 /remove
SoundMAX-->C:\Program Files (x86)\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe -runfromtemp -l0x0009 -removeonly
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
The Chronicles of Riddick - Assault on Dark Athena-->C:\Program Files (x86)\InstallShield Installation Information\{12C85315-0989-4C28-8956-33458F464DD6}\Setup.exe -runfromtemp -l0x0009 -removeonly
The Clockwork Man-->C:\Program Files (x86)\The Clockwork Man\uninstall.exe
Tom Clancy's H.A.W.X Demo-->"C:\Program Files (x86)\InstallShield Installation Information\{6C596FD6-C378-4399-93F1-43A206759B23}\setup.exe" -runfromtemp -l0x0009 -removeonly
TurboV-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{A31951C5-DCD8-4DFE-A525-CFC701F54792}\setup.exe" -l0x9
TweakIt-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{922A36F5-6663-45C0-A515-B63C4E585195}\setup.exe" -l0x9
UberSoldier-->C:\Program Files (x86)\UberSoldier\Uninstall\uninstall.exe /C "/U:C:\Program Files (x86)\UberSoldier\Uninstall\uninstall.xml"
Ulead Burn.Now 4.5 SE-->C:\Program Files (x86)\InstallShield Installation Information\{A3BE3F1E-2472-4211-8735-E8239BE49D9F}\setup.exe -runfromtemp -l0x0409
Ulisess Seguridad 9.98-->C:\Program Files\ESET\uninstall.exe
Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
Virtual Cable Tester-->MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Winmx Community 1-->C:\Program Files (x86)\Winmx\Remove1.exe
WinRAR archiver-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinZip 11.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
World of Warcraft FREE Trial-->MsiExec.exe /X{02EBDBB9-4600-41D3-B566-40CB861511D2}
Yahoo! Messenger-->C:\PROGRA~2\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~2\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AV: McAfee VirusScan Enterprise
AS: Windows Defender

======System event log======

Computer Name: Frank-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Record Number: 47982
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090516033803.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Record Number: 47983
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090516033803.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service wcncsvc with arguments "" in order to run the server:
{375FF000-DD27-11D9-8F9C-0002B3988E81}
Record Number: 47986
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090516034223.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 10005
Message: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}
Record Number: 47987
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090516034223.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server:
{000C101C-0000-0000-C000-000000000046}
Record Number: 47991
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090516050718.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Frank-PC
Event Code: 78
Message: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Record Number: 6183
Source Name: SideBySide
Time Written: 20090516040400.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 78
Message: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Record Number: 6184
Source Name: SideBySide
Time Written: 20090516040400.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 78
Message: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Record Number: 6185
Source Name: SideBySide
Time Written: 20090516040400.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vistasp1_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 6186
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090516040404.000000-000
Event Type: Error
User:

Computer Name: Frank-PC
Event Code: 1015
Message: Failed to connect to server. Error: 0x8007043C
Record Number: 6193
Source Name: MsiInstaller
Time Written: 20090516050718.000000-000
Event Type: Warning
User: Frank-PC\Frank

=====Security event log=====

Computer Name: Frank-PC
Event Code: 4647
Message: User initiated logoff:

Subject:
Security ID: S-1-5-21-1627619556-3166479835-1109915655-1000
Account Name: Frank
Account Domain: Frank-PC
Logon ID: 0x23948

This event is generated when a logoff is initiated but the token reference count is not zero and the logon session cannot be destroyed. No further user-initiated activity can occur. This event can be interpreted as a logoff event.
Record Number: 15742
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090516040325.543974-000
Event Type: Audit Success
User:

Computer Name: Frank-PC
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-21-1627619556-3166479835-1109915655-1000
Account Name: Frank
Account Domain: Frank-PC
Logon ID: 0x23948

Logon Type: 2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 15743
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090516040329.256774-000
Event Type: Audit Success
User:

Computer Name: Frank-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FRANK-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: Frank
Account Domain: Frank-PC
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x7b0
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Network Address: 127.0.0.1
Port: 0

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 15744
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090516040358.912374-000
Event Type: Audit Success
User:

Computer Name: Frank-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FRANK-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-1627619556-3166479835-1109915655-1000
Account Name: Frank
Account Domain: Frank-PC
Logon ID: 0x72b622
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x7b0
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: FRANK-PC
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 15745
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090516040358.912374-000
Event Type: Audit Success
User:

Computer Name: Frank-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-1627619556-3166479835-1109915655-1000
Account Name: Frank
Account Domain: Frank-PC
Logon ID: 0x72b622

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 15746
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090516040358.912374-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\Common Files\Ulead Systems\MPEG;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 26 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=1a04
"NUMBER_OF_PROCESSORS"=8
"VSEDEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"DEFLOGDIR"=C:\ProgramData\McAfee\DesktopProtection
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by Frank at 2009-05-16 01:16:58
Microsoft® Windows Vista™ Ultimate Service Pack 1
System drive C: has 163 GB (34%) free of 477 GB
Total RAM: 6134 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:16:58, on 5/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\Users\Frank\Documents\Downloads\RSIT.exe
C:\Program Files (x86)\Trend Micro\HijackThis\Frank.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up] "C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTSyncService] "C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" /StartRunKey
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [TweakIt Help] "C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe" -r
O4 - HKLM\..\Run: [TurboV] "C:\Program Files (x86)\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: AntiCrash.lnk = C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files (x86)\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: SetPointII.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files (x86)\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files%20(x86)/The%20Clockwork%20Man/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files%20(x86)/The%20Clockwork%20Man/Images/armhelper.ocx
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 11048 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{F6E705AC-0D2D-4642-BF1B-32ED47BE4ED9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-06 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\McAfee\VirusScan Enterprise\Scriptcl.dll [2008-10-06 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ai Nap"=C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe [2008-09-19 1423360]
"QFan Help"=C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe [2008-05-06 594432]
"Cpu Level Up"=C:\Program Files\ASUS\Ai Suite\CPU Level UPEx\CpuLevelUp.exe [2008-10-01 1166336]
"VolPanel"=C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [2008-02-11 221288]
"UpdReg"=C:\Windows\UpdReg.EXE [2000-05-11 90112]
"CTSyncService"=C:\Program Files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe [2008-04-17 1233196]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2008-03-16 1302528]
"Launch Direct Link"=C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe [2008-10-14 1212416]
"Launch As Cmd Runner"=C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe [2008-06-17 376832]
"TweakIt Help"=C:\Program Files (x86)\ASUS\TweakIt\TweakIt.exe [2008-10-01 817152]
"TurboV"=C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [2008-10-09 4040192]
"ShStatEXE"=C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\SHSTAT.EXE [2008-10-06 128848]
"McAfeeUpdaterUI"=C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe [2007-10-25 136512]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2009-04-06 198160]
""= []
"RoxWatchTray"=C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
"GrpConv"=grpconv -o []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"=C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [2009-02-27 2542528]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-01-27 2387968]
"Steam"=C:\Program Files (x86)\Steam\Steam.exe [2009-03-01 1410296]
"ISUSPM"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [2007-08-30 205480]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SetPointII.lnk - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
WinZip Quick Pick.lnk - C:\Program Files (x86)\WinZip\WZQKPICK.EXE

C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AntiCrash.lnk - C:\Program Files (x86)\Dachshund Software\AntiCrash\AntiCrash.exe
Hare.lnk - C:\Program Files (x86)\Dachshund Software\Hare\Hare.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-16 01:16:58 ----D---- C:\rsit
2009-05-15 23:49:41 ----A---- C:\Windows\system32\tmp.txt
2009-05-15 23:49:41 ----A---- C:\Users\Frank\AppData\Roaming\SetValue.bat
2009-05-15 23:49:41 ----A---- C:\Users\Frank\AppData\Roaming\GetValue.vbs
2009-05-15 23:49:36 ----A---- C:\rapport.txt
2009-05-15 23:49:24 ----A---- C:\Windows\system32\WS2Fix.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\VCCLSID.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\VACFix.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\swxcacls.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\swreg.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\SrchSTS.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\Process.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\o4Patch.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\IEDFix.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\dumphive.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-05-15 23:49:24 ----A---- C:\Windows\system32\404Fix.exe
2009-05-15 23:48:04 ----D---- C:\VundoFix Backups
2009-05-15 23:48:04 ----A---- C:\VundoFix.txt
2009-05-15 23:47:18 ----D---- C:\ComboFix
2009-05-15 23:47:18 ----A---- C:\Windows\system32\swsc.exe
2009-05-15 23:47:18 ----A---- C:\Windows\system32\CF3545.exe
2009-05-15 23:46:28 ----D---- C:\Qoobox
2009-05-15 23:46:28 ----A---- C:\Bug.txt
2009-05-15 23:46:26 ----A---- C:\Windows\system32\cmd.execf
2009-05-15 23:13:43 ----D---- C:\Program Files (x86)\Trend Micro
2009-05-15 23:11:31 ----A---- C:\Windows\ntbtlog.txt
2009-05-15 16:30:31 ----D---- C:\Windows\pss
2009-05-12 16:30:55 ----AH---- C:\Users\Frank\AppData\Roaming\dach100.dll
2009-05-10 15:28:34 ----D---- C:\Users\Frank\AppData\Roaming\Bioshock
2009-05-09 13:07:02 ----D---- C:\Users\Frank\AppData\Roaming\SUPERAntiSpyware.com
2009-05-09 13:07:02 ----D---- C:\Program Files (x86)\SUPERAntiSpyware
2009-05-07 22:31:26 ----D---- C:\ProgramData\Eidos
2009-05-07 22:31:26 ----D---- C:\Program Files (x86)\OpenAL
2009-05-07 22:31:26 ----D---- C:\Program Files (x86)\Eidos
2009-04-30 23:05:00 ----D---- C:\Users\Frank\AppData\Roaming\Atari
2009-04-30 23:04:05 ----D---- C:\ProgramData\Tages
2009-04-30 21:33:19 ----D---- C:\Program Files (x86)\Atari
2009-04-30 20:23:41 ----D---- C:\Program Files (x86)\UberSoldier
2009-04-29 15:34:45 ----D---- C:\Program Files (x86)\Return to Castle Wolfenstein DEMO
2009-04-29 02:09:35 ----D---- C:\Program Files (x86)\Defraggler
2009-04-27 09:38:19 ----D---- C:\ProgramData\ATI
2009-04-22 00:20:44 ----A---- C:\Windows\system32\xlivefnt.dll
2009-04-22 00:20:44 ----A---- C:\Windows\system32\xlive.dll
2009-04-22 00:19:06 ----A---- C:\Windows\system32\xlive.dll.cat
2009-04-18 11:19:21 ----D---- C:\Users\Frank\AppData\Roaming\Total Eclipse
2009-04-18 11:19:12 ----AD---- C:\ProgramData\TEMP
2009-04-18 11:00:57 ----D---- C:\Users\Frank\AppData\Roaming\SpinTop
2009-04-18 11:00:57 ----D---- C:\Program Files (x86)\The Clockwork Man
2009-04-17 10:35:04 ----D---- C:\Users\Frank\AppData\Roaming\SpinTop Games
2009-04-17 10:34:28 ----D---- C:\ProgramData\PopCap Games
2009-04-17 09:35:58 ----D---- C:\Windows\system32\Adobe

======List of files/folders modified in the last 1 months======

2009-05-16 00:05:04 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-05-16 00:02:06 ----D---- C:\Windows\SysWOW64
2009-05-15 23:40:51 ----D---- C:\Windows\System32
2009-05-15 23:40:51 ----D---- C:\Windows\inf
2009-05-15 23:29:37 ----D---- C:\Windows\Temp
2009-05-15 23:28:56 ----D---- C:\Program Files (x86)\Steam
2009-05-15 23:13:43 ----RD---- C:\Program Files (x86)
2009-05-15 23:11:31 ----D---- C:\Windows
2009-05-15 23:06:38 ----RD---- C:\Users
2009-05-15 22:59:23 ----D---- C:\Windows\Prefetch
2009-05-15 19:14:47 ----D---- C:\Windows\Tasks
2009-05-15 19:14:46 ----SHD---- C:\Windows\Installer
2009-05-15 19:14:46 ----D---- C:\Users\Frank\AppData\Roaming\Ventrilo
2009-05-15 19:14:43 ----D---- C:\Windows\registration
2009-05-15 19:13:07 ----SHD---- C:\System Volume Information
2009-05-15 17:52:16 ----SD---- C:\ProgramData\Microsoft
2009-05-15 17:40:27 ----D---- C:\Program Files (x86)\SpeedFan
2009-05-15 16:31:30 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-05-15 16:31:29 ----D---- C:\Windows\system32\drivers
2009-05-15 13:15:35 ----D---- C:\Windows\Debug
2009-05-14 17:37:19 ----D---- C:\ProgramData\DVD Shrink
2009-05-13 16:05:55 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-05-13 03:10:56 ----D---- C:\Windows\winsxs
2009-05-13 03:00:28 ----D---- C:\Program Files (x86)\Windows Mail
2009-05-13 01:55:28 ----A---- C:\Windows\NeroDigital.ini
2009-05-10 14:09:21 ----RSD---- C:\Windows\assembly
2009-05-10 13:44:14 ----D---- C:\QUARANTINE
2009-05-09 16:23:29 ----RD---- C:\Program Files
2009-05-09 13:22:44 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2009-05-08 07:02:51 ----D---- C:\Program Files (x86)\Internet Explorer
2009-05-07 22:31:26 ----HD---- C:\ProgramData
2009-05-07 22:31:26 ----A---- C:\Windows\system32\wrap_oal.dll
2009-05-07 22:31:26 ----A---- C:\Windows\system32\OpenAL32.dll
2009-05-01 22:57:40 ----D---- C:\Users\Frank\AppData\Roaming\FrostWire
2009-05-01 19:01:39 ----SHD---- C:\$Recycle.Bin
2009-05-01 01:01:24 ----D---- C:\Users\Frank\AppData\Roaming\uTorrent
2009-04-30 21:34:04 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-04-30 21:33:39 ----D---- C:\ProgramData\Media Center Programs
2009-04-30 21:07:45 ----D---- C:\Program Files (x86)\ATI
2009-04-30 21:07:42 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-04-18 11:19:15 ----SD---- C:\Windows\Downloaded Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R1 mfetdik;McAfee Inc.; C:\Windows\system32\drivers\mfetdik.sys []
R3 AnyDVD;AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [2009-01-29 120256]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys []
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
R3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys []
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys []
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys []
S1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2007-12-17 14392]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
S1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys []
S2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
S2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
S3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
S3 mfeapfk;McAfee Inc.; C:\Windows\system32\drivers\mfeapfk.sys []
S3 mfeavfk;McAfee Inc.; C:\Windows\system32\drivers\mfeavfk.sys []
S3 mfehidk;McAfee Inc.; C:\Windows\system32\drivers\mfehidk.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb_AMD64.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys []
S3 SkLaggProtocol;Marvell Link Aggregation Protocol; C:\Windows\system32\DRIVERS\yk60x64l.sys []
S3 SkVlanProtocol;Marvell VLAN Protocol; C:\Windows\system32\DRIVERS\yk60x64v.sys []
S3 ULCDRHlp;ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [2004-12-23 27392]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
S2 AsSysCtrlService;ASUS System Control Service; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2008-03-12 417792]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2007-10-25 103744]
S2 McShield;McAfee McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2008-10-06 154432]
S2 McTaskManager;McAfee Task Manager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2008-10-06 54608]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-12-02 877864]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
S2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-04-04 66872]
S2 ProtexisLicensing;ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [2007-06-05 177704]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-06 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S2 yksvc;Marvell Yukon Service; ykx64mpcoinst,serviceStartProc []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-02-26 93184]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 fsssvc;Windows Live Family Safety; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-12-12 537896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-19 19968]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-06 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2009-02-27 79360]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-04-17 322032]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S4 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
S4 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-04-09 23296]
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-04-09 731840]

-----------------EOF-----------------

Edited by Frank Vasquez, 16 May 2009 - 12:23 AM.


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts

Posted 30 May 2009 - 01:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results. Click no to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 Orange Blossom


Posted 16 June 2009 - 04:35 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.