Blue Screen of Death

Lately I've been getting the BSOD at least once a day. The info that it gives me is as follows:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this stop error screen, restart your computer. If this screen appears again follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching and shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advance Startup options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005, 0X8FEAC1D9, 0XAF17B204, 0X00000000)

*** Klif.sys - Address 8FEAC1D9 base at 8FE8D000, DateStamp 4afabcf7
------------------------------------------
The only thing I tried was going into Safe Mode > Control Panel > System > Device Manager;
from there I deleted the programs with an exclamation mark next to them. The 3 of them were unidentified programs.
Then I ran Spybot- Search & Destroy and eliminated everything it found.
I still got the message again.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My Hijack This Log:


Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:24:15 PM, on 11/3/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [CaptureIt] C:\Program Files\CaptureIt\CaptureIt.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Cool Tattoos Feed Reader] C:\Program Files\Cool Tattoos Feed Reader\CustomReader.exe /background
O4 - HKCU\..\Run: [COMMUNICATOR] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" /silentRetrials /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix: 
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://p.playfirst.com/play/game/fas...b.1.0.0.21.cab
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spo...b.1.0.0.17.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://p.playfirst.com/play/game/coo...eb.1.0.0.9.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://p.playfirst.com/play/game/fit...b.1.0.0.11.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://p.playfirst.com/play/game/dog...h.1.0.0.10.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/...sticsVista.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540400} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/d...h.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/ins...loader_v10.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 18118 bytes
There are a lot of things that I don't even know how they got there, maybe my kids downloaded them...
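An added example, not part of the original post: a small Python triage pass over a HijackThis log of the kind posted above. It groups entries by section code, collapses repeated lines (such as the O10 entries), lists the entries HijackThis itself marked "(no file)", "Unknown owner" or "Unknown file", and shows CLSIDs registered both as a BHO (O2) and as a toolbar (O3). Treating those markers as manual-review candidates is this example's assumption; the sample is an excerpt of the log above.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the log posted above (selected lines, copied as posted).
SAMPLE_LOG = r"""
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPage.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
"""

# "<letter><digits> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers printed by HijackThis itself in the log on this page.
TOOL_MARKERS = ("(no file)", "Unknown owner", "Unknown file")


def parse_entries(text):
    """Return (section, body) for every entry line; header and
    process-list lines do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    entries = parse_entries(text)
    counts = Counter(entries)
    unique = list(dict.fromkeys(entries))  # keep order, drop repeats

    per_section = Counter(section for section, _ in unique)
    flagged = [(s, b) for s, b in unique
               if any(marker in b for marker in TOOL_MARKERS)]
    repeated = {entry: n for entry, n in counts.items() if n > 1}

    # The same CLSID loaded both as a BHO (O2) and as a toolbar (O3).
    sections_by_clsid = defaultdict(set)
    for section, body in unique:
        if section in ("O2", "O3"):
            for clsid in CLSID_RE.findall(body):
                sections_by_clsid[clsid.lower()].add(section)
    shared = sorted(c for c, secs in sections_by_clsid.items()
                    if secs == {"O2", "O3"})

    return {
        "per_section": dict(per_section),
        "flagged": flagged,
        "repeated": repeated,
        "bho_and_toolbar": shared,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("entries per section:", report["per_section"])
    for section, body in report["flagged"]:
        print("review:", section, "-", body)
    for (section, body), n in report["repeated"].items():
        print(f"repeated x{n}:", section, "-", body)
    print("BHO + toolbar CLSIDs:", report["bho_and_toolbar"])
```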
 


Hello,

My name is Richard, and I will be helping you with this problem. In actual fact, I am not incredible with BSoDs, I can do the simple ones, but nothing advanced, and so I will probably call in more of an expert to help us. I will deal with your HiJackThis log, while he deals with the BSoD, so please follow both of our advice together. But at first, I will do the routine BSoD work.

This error you see (Blue Screen of Death (BSoD)) can be caused by malware, but in this case I think not. Your HiJackThis log shows nothing really dangerous, but a little bit of junk and Adware, and I will help you deal with that.

Your BSoD is caused by a Kaspersky driver, your Anti-Virus software. What I need to know is how happy you are to remove this software. Have you paid for it? When is it due to expire? Do you like it? I will never force you to remove it, but removing it will solve the problem. If you choose to try and fix it, I will gather all required data, and then bring in the expert to try and fix it for you, or else, we could switch to a very good (in my opinion, better), free Anti-Virus program. Your choice.


Anyway, please do all of the following.

For the BSoD:


STEP ONE:

Please navigate to C:\Windows\Minidumps, highlight everything in that folder, right click on one, while still highlighted, Send To > Compressed (Zipped) folder, copy that zip archive (file or folder) to your Desktop, and upload it to your next post. This is crucial!

STEP TWO:

Please go to here: http://www.vistax64.com/tutorials/176785-vistaforums-sysinfo-tool.html and create a log Selecting Everything. Either upload it to your next reply, or put it in a Code box.


For the Junk:

STEP ONE:

If you can, please post the Spyware Search and Destroy Log.

STEP TWO:

TFC (Temp File Cleaner) - Download - Homepage
Why? This will remove unneeded temporary files from your system, make automated scans that follow run faster, and save you time. Many infections also load from a temporary file location.
  • Download TFC to your desktop, or other location.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.


STEP THREE:

Malwarebytes' Anti-Malware a.k.a. MBAM - Download Free Version (freeware) - Homepage
Why? Malwarebytes' Anti-Malware is very good at removing the zlob trojan, virtumonde, and most other current infections. This single tool has replaced multiple tools that have been required in the past.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, confirm a check mark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. The rogue application should now be gone.
When completed, a log will open in Notepad. If you need to create a new topic, please paste this log with it.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

Extra Note: Do not run a full scan with MBAM. It is not required or needed, and in fact makes our job tougher.


STEP FOUR:
Disable resident protections (Antivirus...); re-enable them after the scan

Download ToolBar S&D < here

Double-click ToolBar S&D.exe
Choose the language, then choose Option 2 (Fix)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)


STEP FIVE:

Post a new HiJackThis log:


Thanks! You will get helped, and I know there is a lot there!

Richard
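An added example, not part of either post: a Python parser for the two technical lines of the stop screen quoted in the first post, showing how the driver named in the reply above can be read off the numbers. It decodes the bug check and exception code, computes the faulting offset inside the driver image, and converts the DateStamp (a Unix-time build stamp) to a date. The name tables cover only the values seen in this thread, and the function and field names are this example's own.

```python
import re
from datetime import datetime, timezone

# The two technical lines from the stop screen quoted in the first post.
STOP_SCREEN = """\
*** STOP: 0x0000008E (0xC0000005, 0X8FEAC1D9, 0XAF17B204, 0X00000000)
*** Klif.sys - Address 8FEAC1D9 base at 8FE8D000, DateStamp 4afabcf7
"""

# Only the values that occur in this thread; extend as needed.
BUGCHECK_NAMES = {0x8E: "KERNEL_MODE_EXCEPTION_NOT_HANDLED"}
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

STOP_RE = re.compile(r"STOP:\s*(0x[0-9a-f]+)\s*\(([^)]*)\)", re.I)
# \s* before "base" tolerates the run-together form "8FEAC1D9base".
DRIVER_RE = re.compile(
    r"\*\*\*\s+(\S+)\s+-\s+Address\s+([0-9a-f]+)\s*base at\s+([0-9a-f]+)"
    r",\s*DateStamp\s+([0-9a-f]+)", re.I)


def parse_stop_screen(text):
    """Parse a Windows stop screen's STOP line and optional driver line."""
    stop = STOP_RE.search(text)
    if stop is None:
        raise ValueError("no STOP line found")
    code = int(stop.group(1), 16)
    params = [int(p.strip(), 16) for p in stop.group(2).split(",")]

    result = {
        "bugcheck": code,
        "bugcheck_name": BUGCHECK_NAMES.get(code, "unknown"),
        "params": params,
        "exception_name": None,
        "driver": None,
        "fault_address": None,
        "base": None,
        "offset": None,
        "driver_built": None,
        "fault_in_named_driver": False,
    }

    # For bug check 0x8E, parameter 1 is the exception code and
    # parameter 2 is the address at which the exception occurred.
    if code == 0x8E and len(params) >= 2:
        result["exception_name"] = NTSTATUS_NAMES.get(params[0], "unknown")

    drv = DRIVER_RE.search(text)
    if drv is None:
        return result  # some stop screens name no driver

    address = int(drv.group(2), 16)
    base = int(drv.group(3), 16)
    result.update(
        driver=drv.group(1),
        fault_address=address,
        base=base,
        offset=address - base,
        # DateStamp is the driver's link time in seconds since 1970 (UTC).
        driver_built=datetime.fromtimestamp(int(drv.group(4), 16),
                                            tz=timezone.utc),
    )
    # The screen does not give the image size, so only the lower bound
    # and the match with parameter 2 can be checked here.
    if code == 0x8E and len(params) >= 2:
        result["fault_in_named_driver"] = (params[1] == address
                                           and address >= base)
    return result


def summarize(r):
    """One-line summary for a ticket or forum reply."""
    line = f"STOP 0x{r['bugcheck']:08X} ({r['bugcheck_name']})"
    if r["exception_name"]:
        line += f", exception {r['exception_name']}"
    if r["driver"]:
        line += (f", in {r['driver']}+0x{r['offset']:X}"
                 f" (built {r['driver_built']:%Y-%m-%d})")
    return line


if __name__ == "__main__":
    print(summarize(parse_stop_screen(STOP_SCREEN)))
```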
 

*************************************************************
********************** Computer Info ************************
*************************************************************
Logged in user: Family\Yessi
Computer Model: KJ387AA-ABA a6403w
Computer Manufacturer: HP-Pavilion
OS Name: Microsoft® Windows Vista™ Home Premium |C:\Windows|\Device\Harddisk0\Partition1
OS Version: 6.0.6002
System Type: X86-based PC
Total Physical Memory: 1916 MB
Windows Directory: C:\Windows
BIOS Version: Phoenix - AwardBIOS v6.00PG
CPU: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz
Video Card: NVIDIA GeForce 7100 / NVIDIA nForce 630i
Resolution: 1440 x 900 x 4294967296 colors


*************************************************************
*********************** UAC Status **************************
*************************************************************
UAC is currently enabled


*************************************************************
***************** Installed Applications ********************
*************************************************************

HP Driver Diagnostics - Location: C:\Program Files\Hp\
Windows Media Player Firefox Plugin - Location:
HP Product Detection - Location: C:\Program Files\HP\Common\
RealUpgrade 1.0 - Location:
erLT - Location: C:\Program Files\Logitech\Ereg\
Microsoft Office OneNote MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Groove Setup Metadata MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office InfoPath MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Access MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Shared Setup Metadata MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Excel MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Access Setup Metadata MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office PowerPoint MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Publisher MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Outlook MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Groove MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Word MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proofing (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Shared MUI (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proof (English) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proof (Spanish) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Proof (French) 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Enterprise 2007 - Location: C:\Program Files\Microsoft Office\
Microsoft Office Professional 2007 - Location: C:\Program Files\Microsoft Office\
D1400 - Location:
AIO_CDB_ProductContext - Location:
dj_sf_software_req - Location:
HPPhotoSmartPhotobookWebPack1 - Location:
HP Photosmart Essential 2.5 - Location:
HP Update - Location:
PowerDirector - Location: c:\Program Files\Cyberlink\PowerDirector\
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 - Location:
Microsoft Works - Location:
VoiceOver Kit - Location: C:\Program Files\iTunes\
CameraHelperMsi - Location:
Snapfish Picture Mover - Location: C:\Program Files\Snapfish Picture Mover\
Microsoft_VC90_CRT_x86 - Location: C:\Program Files\Adobe\My Product Name\
Logitech Vid - Location: C:\Program Files\Logitech\Vid\
Adobe Elements Inspiration Browser - Location: C:\Program Files\Adobe\PhotoshopdotcomInspirationBrowser
Google Toolbar for Internet Explorer - Location: C:\Program Files\Google\Installers\
Microsoft SQL Server 2005 Compact Edition [ENU] - Location: C:\Program Files\Microsoft SQL Server Compact Edition\
Roxio Creator Audio - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Audio\
Microsoft_VC80_MFC_x86 - Location: C:\Program Files\Adobe\My Product Name\
Roxio Media Manager - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Main\
HP Advisor - Location: C:\Program Files\Hewlett-Packard\HP Advisor\
Microsoft_VC80_MFCLOC_x86 - Location: C:\Program Files\Adobe\My Product Name\
Microsoft .NET Framework 3.5 SP1 - Location:
Windows Mobile Device Center - Location:
LWS VideoEffects - Location:
OGA Notifier 2.0.0048.0 - Location:
Apple Mobile Device Support - Location: C:\Program Files\Common Files\Apple\Mobile Device Support\
Roxio Creator EasyArchive - Location:
Microsoft Visual C++ 2005 Redistributable - Location:
Windows Live Photo Gallery - Location:
Apple Application Support - Location: C:\Program Files\Common Files\Apple\Apple Application Support\
BufferChm - Location:
dj_sf_ProductContext - Location:
LWS Webcam Software - Location:
LWS YouTube Plugin - Location:
WebReg - Location:
PanoStandAlone - Location:
Java(TM) 6 Update 18 - Location: C:\Program Files\Java\jre6\
Windows Mobile Device Center Driver Update - Location:
Acrobat.com - Location: C:\Program Files\Adobe\Acrobat_com
Hewlett-Packard Asset Agent for Health Check - Location:
LWS Facebook - Location:
Greeting Card Factory Express Workshop - Location:
Microsoft .NET Framework 4 Client Profile - Location:
Adobe Media Player - Location: C:\Program Files\Adobe Media Player
Adobe Reader 9.3 - Location: C:\Program Files\Adobe\Reader 9.0\Reader\
Windows Live ID Sign-in Assistant - Location:
MSXML 4.0 SP2 (KB973688) - Location:
Sonic Creator Copy - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Copy\
D1400_Help - Location:
Roxio Activation Module - Location: C:\Program Files\Common Files\Roxio Shared\DLLShared\
TrayApp - Location:
HPProductAssistant - Location:
LWS Video Mask Maker - Location:
LightScribeTemplateLabeler - Location: C:\Program Files\LightScribeTemplateLabeler\
Windows Live Mail - Location:
MarketResearch - Location:
Compaq Demo - Location:
LWS Pictures And Video - Location:
Java(TM) SE Runtime Environment 6 Update 1 - Location:
Roxio Media Manager - Location: C:\Program Files\Roxio\
OverDrive Media Console - Location:
Microsoft_VC80_ATL_x86 - Location: C:\Program Files\Adobe\My Product Name\
Microsoft_VC80_CRT_x86 - Location: C:\Program Files\Adobe\My Product Name\
Bonjour - Location: C:\Program Files\Bonjour\
Google Update Helper - Location:
Kaspersky Internet Security 2010 - Location: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\
PSSWCORE - Location:
Apple Software Update - Location: C:\Program Files\Apple Software Update\
Cards_Calendar_OrderGift_DoMorePlugout - Location:
SolutionCenter - Location:
CustomerResearchQFolder - Location:
DeviceDiscovery - Location:
PDF Settings CS5 - Location:
Adobe Community Help - Location: C:\Program Files\Adobe\Adobe Help
Hewlett-Packard Active Check - Location:
Skype™ 4.2 - Location: C:\Program Files\Skype\
SmartWebPrinting - Location:
Windows Live installer - Location:
Microsoft Visual C++ 2005 Redistributable - Location:
Microsoft_VC90_MFC_x86 - Location: C:\Program Files\Adobe\My Product Name\
LWS WLM Plugin - Location:
HPSSupply - Location: C:\Program Files\HP\
eSupportQFolder - Location:
LightScribe System Software - Location: C:\Program Files\Common Files\LightScribe\
iTunes - Location: C:\Program Files\iTunes\
LWS Launcher - Location:
LWS Gallery - Location:
VC80CRTRedist - 8.0.50727.762 - Location:
UnloadSupport - Location:
dj_sf_software - Location:
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 - Location:
Adobe AIR - Location: c:\Program Files\Common Files\Adobe AIR\
Microsoft Silverlight - Location: c:\Program Files\Microsoft Silverlight\
Toolbox - Location:
MSXML 4.0 SP2 (KB954430) - Location:
Roxio Creator Data - Location: C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\Data\
Status - Location:
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 - Location:
QuickTime - Location: C:\Program Files\QuickTime\
LWS Help_main - Location:
HP Product Assistant - Location: C:\Program Files\HP\Digital Imaging\Product Assistant\
VideoToolkit01 - Location:
Microsoft_VC90_ATL_x86 - Location: C:\Program Files\Adobe\My Product Name\
HP Customer Feedback - Location:
LWS Motion Detection - Location:
Java Auto Updater - Location:
HP Active Support Library - Location: c:\Program Files\Hewlett-Packard\HP Health Check\
Content Transfer - Location: C:\Program Files\Sony\Content Transfer\


*************************************************************
************************* Services **************************
*************************************************************

------------------------------------------
Name: Application Experience
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: AffinegyService
Path: "C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Akamai NetSession Interface
Path: C:\Windows\System32\svchost.exe -k Akamai
StartMode: Auto
State: Running
------------------------------------------
Name: Application Layer Gateway Service
Path: C:\Windows\System32\alg.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Application Information
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Running
------------------------------------------
Name: Apple Mobile Device
Path: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Audio Endpoint Builder
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Audio
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Kaspersky Internet Security
Path: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" -r
StartMode: Auto
State: Running
------------------------------------------
Name: Base Filtering Engine
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Running
------------------------------------------
Name: Background Intelligent Transfer Service
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Bonjour Service
Path: "C:\Program Files\Bonjour\mDNSResponder.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Computer Browser
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Bluetooth Support Service
Path: C:\Windows\system32\svchost.exe -k bthsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Certificate Propagation
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Microsoft .NET Framework NGEN v2.0.50727_X86
Path: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Microsoft .NET Framework NGEN v4.0.30319_X86
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
StartMode: Auto
State: Stopped
------------------------------------------
Name: COM+ System Application
Path: C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
StartMode: Manual
State: Stopped
------------------------------------------
Name: Cryptographic Services
Path: C:\Windows\system32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: DCOM Server Process Launcher
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
StartMode: Auto
State: Running
------------------------------------------
Name: DFS Replication
Path: C:\Windows\system32\DFSR.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: DHCP Client
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: DNS Client
Path: C:\Windows\system32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Wired AutoConfig
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Diagnostic Policy Service
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Running
------------------------------------------
Name: Extensible Authentication Protocol
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Running
------------------------------------------
Name: Windows Media Center Receiver Service
Path: C:\Windows\ehome\ehRecvr.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Media Center Scheduler Service
Path: C:\Windows\ehome\ehsched.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Media Center Service Launcher
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Stopped
------------------------------------------
Name: ReadyBoost
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Event Log
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: COM+ Event System
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Function Discovery Provider Host
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Running
------------------------------------------
Name: Function Discovery Resource Publication
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Font Cache Service
Path: C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Presentation Foundation Font Cache 3.0.0.0
Path: C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
StartMode: Manual
State: Running
------------------------------------------
Name: GameConsoleService
Path: "C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Group Policy Client
Path: C:\Windows\system32\svchost.exe -k GPSvcGroup
StartMode: Auto
State: Running
------------------------------------------
Name: Google Update Service (gupdate)
Path: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
StartMode: Auto
State: Stopped
------------------------------------------
Name: Google Software Updater
Path: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Human Interface Device Access
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Health Key and Certificate Management
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: HP Health Check Service
Path: "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: hpqcxs08
Path: C:\Windows\system32\svchost.exe -k hpdevmgmt
StartMode: Manual
State: Running
------------------------------------------
Name: HP CUE DeviceDiscovery Service
Path: C:\Windows\system32\svchost.exe -k hpdevmgmt
StartMode: Auto
State: Running
------------------------------------------
Name: InstallDriver Table Manager
Path: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows CardSpace
Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: IKE and AuthIP IPsec Keying Modules
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: PnP-X IP Bus Enumerator
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: IP Helper
Path: C:\Windows\System32\svchost.exe -k NetSvcs
StartMode: Auto
State: Running
------------------------------------------
Name: iPod Service
Path: "C:\Program Files\iPod\bin\iPodService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: CNG Key Isolation
Path: C:\Windows\system32\lsass.exe
StartMode: Manual
State: Running
------------------------------------------
Name: KtmRm for Distributed Transaction Coordinator
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Server
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Workstation
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: LightScribeService Direct Disc Labeling Service
Path: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Link-Layer Topology Discovery Mapper
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: TCP/IP NetBIOS Helper
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Process Monitor
Path: "C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: McAfee SiteAdvisor Service
Path: c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Media Center Extender Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Microsoft Office Groove Audit Service
Path: "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Multimedia Class Scheduler
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Firewall
Path: C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
StartMode: Auto
State: Running
------------------------------------------
Name: Distributed Transaction Coordinator
Path: C:\Windows\System32\msdtc.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Microsoft iSCSI Initiator Service
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Installer
Path: C:\Windows\system32\msiexec /V
StartMode: Manual
State: Running
------------------------------------------
Name: Network Access Protection Agent
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Net Driver HPZ12
Path: C:\Windows\System32\svchost.exe -k HPZ12
StartMode: Auto
State: Stopped
------------------------------------------
Name: Netlogon
Path: C:\Windows\system32\lsass.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Network Connections
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Running
------------------------------------------
Name: Network List Service
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Net.Tcp Port Sharing Service
Path: "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Network Location Awareness
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Network Store Interface Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: NVIDIA Display Driver Service
Path: C:\Windows\system32\nvvsvc.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Microsoft Office Diagnostics Service
Path: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Office Source Engine
Path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Peer Networking Identity Manager
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Peer Networking Grouping
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Program Compatibility Assistant Service
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Performance Logs & Alerts
Path: C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
StartMode: Manual
State: Stopped
------------------------------------------
Name: Plug and Play
Path: C:\Windows\system32\svchost.exe -k DcomLaunch
StartMode: Auto
State: Running
------------------------------------------
Name: Pml Driver HPZ12
Path: C:\Windows\System32\svchost.exe -k HPZ12
StartMode: Auto
State: Stopped
------------------------------------------
Name: PNRP Machine Name Publication Service
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: Peer Name Resolution Protocol
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Manual
State: Stopped
------------------------------------------
Name: IPsec Policy Agent
Path: C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: User Profile Service
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Protected Storage
Path: C:\Windows\system32\lsass.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Quality Windows Audio Video Experience
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Mobile-based device connectivity
Path: C:\Windows\system32\svchost.exe -k WindowsMobile
StartMode: Auto
State: Running
------------------------------------------
Name: Remote Access Auto Connection Manager
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Remote Access Connection Manager
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Running
------------------------------------------
Name: Routing and Remote Access
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Remote Registry
Path: C:\Windows\system32\svchost.exe -k regsvc
StartMode: Manual
State: Stopped
------------------------------------------
Name: Roxio UPnP Renderer 9
Path: "C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Roxio Upnp Server 9
Path: "C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe"
StartMode: Auto
State: Stopped
------------------------------------------
Name: LiveShare P2P Server 9
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"
StartMode: Auto
State: Stopped
------------------------------------------
Name: RoxMediaDB9
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Roxio Hard Drive Watcher 9
Path: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
StartMode: Auto
State: Stopped
------------------------------------------
Name: Remote Procedure Call (RPC) Locator
Path: C:\Windows\system32\locator.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Remote Procedure Call (RPC)
Path: C:\Windows\system32\svchost.exe -k rpcss
StartMode: Auto
State: Running
------------------------------------------
Name: Security Accounts Manager
Path: C:\Windows\system32\lsass.exe
StartMode: Auto
State: Running
------------------------------------------
Name: SBSD Security Center Service
Path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Smart Card
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Task Scheduler
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Smart Card Removal Policy
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Backup
Path: C:\Windows\system32\svchost.exe -k SDRSVC
StartMode: Manual
State: Stopped
------------------------------------------
Name: Secondary Logon
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: System Event Notification Service
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Terminal Services Configuration
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Internet Connection Sharing (ICS)
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Disabled
State: Stopped
------------------------------------------
Name: Shell Hardware Detection
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Software Licensing
Path: C:\Windows\system32\SLsvc.exe
StartMode: Auto
State: Running
------------------------------------------
Name: SL UI Notification Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: SNMP Trap
Path: C:\Windows\System32\snmptrap.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Print Spooler
Path: C:\Windows\System32\spoolsv.exe
StartMode: Auto
State: Running
------------------------------------------
Name: SSDP Discovery
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Running
------------------------------------------
Name: Secure Socket Tunneling Protocol Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Running
------------------------------------------
Name: Windows Image Acquisition (WIA)
Path: C:\Windows\system32\svchost.exe -k imgsvc
StartMode: Auto
State: Running
------------------------------------------
Name: Adobe SwitchBoard
Path: "C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: Microsoft Software Shadow Copy Provider
Path: C:\Windows\System32\svchost.exe -k swprv
StartMode: Manual
State: Stopped
------------------------------------------
Name: Superfetch
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Tablet PC Input Service
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Telephony
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Manual
State: Running
------------------------------------------
Name: TPM Base Services
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Auto
State: Stopped
------------------------------------------
Name: Terminal Services
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Auto
State: Running
------------------------------------------
Name: Themes
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Thread Ordering Server
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Distributed Link Tracking Client
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Modules Installer
Path: C:\Windows\servicing\TrustedInstaller.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Interactive Services Detection
Path: C:\Windows\system32\UI0Detect.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: UPnP Device Host
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Desktop Window Manager Session Manager
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Virtual Disk
Path: C:\Windows\System32\vds.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Viewpoint Manager Service
Path: "C:\Program Files\Viewpoint\Common\ViewpointService.exe"
StartMode: Auto
State: Running
------------------------------------------
Name: Volume Shadow Copy
Path: C:\Windows\system32\vssvc.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Time
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Mobile-2003-based device connectivity
Path: C:\Windows\system32\svchost.exe -k WindowsMobile
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Connect Now - Config Registrar
Path: C:\Windows\System32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Color System
Path: C:\Windows\system32\svchost.exe -k wcssvc
StartMode: Manual
State: Stopped
------------------------------------------
Name: Diagnostic Service Host
Path: C:\Windows\System32\svchost.exe -k wdisvc
StartMode: Manual
State: Stopped
------------------------------------------
Name: Diagnostic System Host
Path: C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Manual
State: Running
------------------------------------------
Name: WebClient
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Event Collector
Path: C:\Windows\system32\svchost.exe -k NetworkService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Problem Reports and Solutions Control Panel Support
Path: C:\Windows\System32\svchost.exe -k netsvcs
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Error Reporting Service
Path: C:\Windows\System32\svchost.exe -k WerSvcGroup
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Defender
Path: C:\Windows\System32\svchost.exe -k secsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: WinHTTP Web Proxy Auto-Discovery Service
Path: C:\Windows\system32\svchost.exe -k LocalService
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Management Instrumentation
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Remote Management (WS-Management)
Path: C:\Windows\System32\svchost.exe -k NetworkService
StartMode: Manual
State: Stopped
------------------------------------------
Name: WLAN AutoConfig
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Live ID Sign-in Assistant
Path: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Live Setup Service
Path: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
StartMode: Manual
State: Stopped
------------------------------------------
Name: WMI Performance Adapter
Path: C:\Windows\system32\wbem\WmiApSrv.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Windows Media Player Network Sharing Service
Path: "C:\Program Files\Windows Media Player\wmpnetwk.exe"
StartMode: Manual
State: Running
------------------------------------------
Name: Parental Controls
Path: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Portable Device Enumerator Service
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Presentation Foundation Font Cache 4.0.0.0
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
StartMode: Manual
State: Stopped
------------------------------------------
Name: Security Center
Path: C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Search
Path: C:\Windows\system32\SearchIndexer.exe /Embedding
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Update
Path: C:\Windows\system32\svchost.exe -k netsvcs
StartMode: Auto
State: Running
------------------------------------------
Name: Windows Driver Foundation - User-mode Driver Framework
Path: C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
StartMode: Auto
State: Running
------------------------------------------
Name: XAudioService
Path: C:\Windows\system32\DRIVERS\xaudio.exe
StartMode: Auto
State: Running
------------------------------------------
Name: Yahoo! Updater
Path: "C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
StartMode: Auto
State: Running
------------------------------------------


*************************************************************
******************** Installed Codecs ***********************
*************************************************************
------------------------------------------
Name: C:\Windows\system32\IMAADP32.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: imaadp32
------------------------------------------
Name: C:\Windows\system32\MSRLE32.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: msrle32
------------------------------------------
Name: C:\Windows\system32\MSVIDC32.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: msvidc32
------------------------------------------
Name: C:\Windows\system32\DIVX.DLL Description: DivX 6.8.5 Codec
Version: 6.8.5.5
Path: \windows\system32\
FileName: divx
------------------------------------------
Name: C:\Windows\system32\L3CODECP.ACM Description:
Version: 3.4.0.0
Path: \windows\system32\
FileName: l3codecp
------------------------------------------
Name: C:\Windows\system32\ICCVID.DLL Description:
Version: 1.10.0.13
Path: \windows\system32\
FileName: iccvid
------------------------------------------
Name: C:\Windows\system32\MSADP32.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: msadp32
------------------------------------------
Name: C:\Windows\system32\L3CODECA.ACM Description: Fraunhofer IIS MPEG Layer-3 Codec
Version: 1.9.0.402
Path: \windows\system32\
FileName: l3codeca
------------------------------------------
Name: C:\Windows\system32\TSBYUV.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: tsbyuv
------------------------------------------
Name: C:\Windows\system32\LVCODEC2.DLL Description:
Version: 13.0.1783.0
Path: \windows\system32\
FileName: lvcodec2
------------------------------------------
Name: C:\Windows\system32\IYUV_32.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: iyuv_32
------------------------------------------
Name: C:\Windows\system32\MSYUV.DLL Description:
Version: 6.0.6002.18158
Path: \windows\system32\
FileName: msyuv
------------------------------------------
Name: C:\Windows\system32\MSGSM32.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: msgsm32
------------------------------------------
Name: C:\Windows\system32\MSG711.ACM Description:
Version: 6.0.6000.16386
Path: \windows\system32\
FileName: msg711
------------------------------------------


*************************************************************
*********************** Hot Fixes ***************************
*************************************************************
Description:
HotFixID: {331B99C1-4C7B-4E90-848E-C6F90047E126}
------------------------------------------
Description:
HotFixID: {36FE6700-97C3-4CE4-BC23-B7A127BC3987}
------------------------------------------
Description:
HotFixID: {A2B15D44-B3D7-4696-8458-A0986C28AFD0}
------------------------------------------
Description: Update
HotFixID: KB971513
------------------------------------------
Description: Update
HotFixID: KB971512
------------------------------------------
Description: Update
HotFixID: KB960362
------------------------------------------
Description: Update
HotFixID: KB971514
------------------------------------------
Description: Security Update
HotFixID: KB2079403
------------------------------------------
Description: Security Update
HotFixID: KB2160329
------------------------------------------
Description: Security Update
HotFixID: KB2183461
------------------------------------------
Description: Security Update
HotFixID: KB2286198
------------------------------------------
Description: Update
HotFixID: KB905866
------------------------------------------
Description: Update
HotFixID: KB935509
------------------------------------------
Description: Update
HotFixID: KB937287
------------------------------------------
Description: Update
HotFixID: KB938371
------------------------------------------
Description: Security Update
HotFixID: KB938464
------------------------------------------
Description: Security Update
HotFixID: KB941693
------------------------------------------
Description: Update
HotFixID: KB947562
------------------------------------------
Description: Security Update
HotFixID: KB948590
------------------------------------------
Description: Update
HotFixID: KB948609
------------------------------------------
Description: Update
HotFixID: KB948610
------------------------------------------
Description: Update
HotFixID: KB950124
------------------------------------------
Description: Update
HotFixID: KB950125
------------------------------------------
Description: Update
HotFixID: KB950126
------------------------------------------
Description: Security Update
HotFixID: KB950582
------------------------------------------
Description: Security Update
HotFixID: KB950759
------------------------------------------
Description: Security Update
HotFixID: KB950760
------------------------------------------
Description: Security Update
HotFixID: KB950762
------------------------------------------
Description: Security Update
HotFixID: KB950974
------------------------------------------
Description: Security Update
HotFixID: KB951066
------------------------------------------
Description: Update
HotFixID: KB951072
------------------------------------------
Description: Security Update
HotFixID: KB951376
------------------------------------------
Description: Update
HotFixID: KB951618
------------------------------------------
Description: Security Update
HotFixID: KB951698
------------------------------------------
Description: Update
HotFixID: KB951978
------------------------------------------
Description: Security Update
HotFixID: KB952004
------------------------------------------
Description: Security Update
HotFixID: KB952069
------------------------------------------
Description: Hotfix
HotFixID: KB952287
------------------------------------------
Description: Update
HotFixID: KB952709
------------------------------------------
Description: Security Update
HotFixID: KB953155
------------------------------------------
Description: Security Update
HotFixID: KB953733
------------------------------------------
Description: Security Update
HotFixID: KB953838
------------------------------------------
Description: Security Update
HotFixID: KB953839
------------------------------------------
Description: Security Update
HotFixID: KB954154
------------------------------------------
Description: Security Update
HotFixID: KB954155
------------------------------------------
Description: Security Update
HotFixID: KB954211
------------------------------------------
Description: Update
HotFixID: KB954366
------------------------------------------
Description: Security Update
HotFixID: KB954459
------------------------------------------
Description: Update
HotFixID: KB955020
------------------------------------------
Description: Security Update
HotFixID: KB955069
------------------------------------------
Description: Update
HotFixID: KB955302
------------------------------------------
Description: Update
HotFixID: KB955430
------------------------------------------
Description: Update
HotFixID: KB955519
------------------------------------------
Description: Update
HotFixID: KB955839
------------------------------------------
Description: Update
HotFixID: KB956250
------------------------------------------
Description: Security Update
HotFixID: KB956390
------------------------------------------
Description: Security Update
HotFixID: KB956391
------------------------------------------
Description: Security Update
HotFixID: KB956572
------------------------------------------
Description: Security Update
HotFixID: KB956744
------------------------------------------
Description: Security Update
HotFixID: KB956802
------------------------------------------
Description: Security Update
HotFixID: KB956841
------------------------------------------
Description: Security Update
HotFixID: KB957095
------------------------------------------
Description: Security Update
HotFixID: KB957097
------------------------------------------
Description: Update
HotFixID: KB957200
------------------------------------------
Description: Update
HotFixID: KB957321
------------------------------------------
Description: Update
HotFixID: KB957388
------------------------------------------
Description: Security Update
HotFixID: KB958215
------------------------------------------
Description: Update
HotFixID: KB958481
------------------------------------------
Description: Update
HotFixID: KB958483
------------------------------------------
Description: Security Update
HotFixID: KB958623
------------------------------------------
Description: Security Update
HotFixID: KB958624
------------------------------------------
Description: Security Update
HotFixID: KB958644
------------------------------------------
Description: Security Update
HotFixID: KB958687
------------------------------------------
Description: Security Update
HotFixID: KB958690
------------------------------------------
Description: Security Update
HotFixID: KB958869
------------------------------------------
Description: Update
HotFixID: KB959108
------------------------------------------
Description: Update
HotFixID: KB959130
------------------------------------------
Description: Security Update
HotFixID: KB959426
------------------------------------------
Description: Update
HotFixID: KB959772
------------------------------------------
Description: Security Update
HotFixID: KB960225
------------------------------------------
Description: Update
HotFixID: KB960544
------------------------------------------
Description: Security Update
HotFixID: KB960714
------------------------------------------
Description: Security Update
HotFixID: KB960715
------------------------------------------
Description: Security Update
HotFixID: KB960803
------------------------------------------
Description: Security Update
HotFixID: KB961260
------------------------------------------
Description: Security Update
HotFixID: KB961371
------------------------------------------
Description: Security Update
HotFixID: KB961501
------------------------------------------
Description: Update
HotFixID: KB967632
------------------------------------------
Description: Security Update
HotFixID: KB967723
------------------------------------------
Description: Update
HotFixID: KB968389
------------------------------------------
Description: Security Update
HotFixID: KB968537
------------------------------------------
Description: Security Update
HotFixID: KB968816
------------------------------------------
Description: Security Update
HotFixID: KB969898
------------------------------------------
Description: Security Update
HotFixID: KB969947
------------------------------------------
Description: Security Update
HotFixID: KB970238
------------------------------------------
Description: Security Update
HotFixID: KB970430
------------------------------------------
Description: Update
HotFixID: KB970653
------------------------------------------
Description: Security Update
HotFixID: KB970710
------------------------------------------
Description: Security Update
HotFixID: KB971468
------------------------------------------
Description: Security Update
HotFixID: KB971486
------------------------------------------
Description: Security Update
HotFixID: KB971557
------------------------------------------
Description: Security Update
HotFixID: KB971657
------------------------------------------
Description: Update
HotFixID: KB971737
------------------------------------------
Description: Security Update
HotFixID: KB971961
------------------------------------------
Description: Update
HotFixID: KB972036
------------------------------------------
Description: Update
HotFixID: KB972145
------------------------------------------
Description: Security Update
HotFixID: KB972260
------------------------------------------
Description: Security Update
HotFixID: KB972270
------------------------------------------
Description: Security Update
HotFixID: KB973346
------------------------------------------
Description: Security Update
HotFixID: KB973507
------------------------------------------
Description: Security Update
HotFixID: KB973525
------------------------------------------
Description: Security Update
HotFixID: KB973540
------------------------------------------
Description: Security Update
HotFixID: KB973565
------------------------------------------
Description: Update
HotFixID: KB973687
------------------------------------------
Description: Update
HotFixID: KB973768
------------------------------------------
Description: Update
HotFixID: KB973917
------------------------------------------
Description: Security Update
HotFixID: KB974145
------------------------------------------
Description: Update
HotFixID: KB974306
------------------------------------------
Description: Security Update
HotFixID: KB974318
------------------------------------------
Description: Security Update
HotFixID: KB974455
------------------------------------------
Description: Security Update
HotFixID: KB974469
------------------------------------------
Description: Security Update
HotFixID: KB974470
------------------------------------------
Description: Security Update
HotFixID: KB974571
------------------------------------------
Description: Security Update
HotFixID: KB975467
------------------------------------------
Description: Security Update
HotFixID: KB975517
------------------------------------------
Description: Security Update
HotFixID: KB975560
------------------------------------------
Description: Security Update
HotFixID: KB975561
------------------------------------------
Description: Hotfix
HotFixID: KB975929
------------------------------------------
Description: Update
HotFixID: KB976098
------------------------------------------
Description: Update
HotFixID: KB976264
------------------------------------------
Description: Security Update
HotFixID: KB976325
------------------------------------------
Description: Update
HotFixID: KB976470
------------------------------------------
Description: Update
HotFixID: KB976749
------------------------------------------
Description: Security Update
HotFixID: KB976768
------------------------------------------
Description: Security Update
HotFixID: KB976772
------------------------------------------
Description: Security Update
HotFixID: KB977165
------------------------------------------
Description: Security Update
HotFixID: KB977816
------------------------------------------
Description: Update
HotFixID: KB978207
------------------------------------------
Description: Security Update
HotFixID: KB978251
------------------------------------------
Description: Security Update
HotFixID: KB978262
------------------------------------------
Description: Security Update
HotFixID: KB978338
------------------------------------------
Description: Security Update
HotFixID: KB978542
------------------------------------------
Description: Security Update
HotFixID: KB978601
------------------------------------------
Description: Security Update
HotFixID: KB978886
------------------------------------------
Description: Update
HotFixID: KB979099
------------------------------------------
Description: Update
HotFixID: KB979306
------------------------------------------
Description: Security Update
HotFixID: KB979309
------------------------------------------
Description: Security Update
HotFixID: KB979482
------------------------------------------
Description: Security Update
HotFixID: KB979559
------------------------------------------
Description: Security Update
HotFixID: KB979683
------------------------------------------
Description: Update
HotFixID: KB979899
------------------------------------------
Description: Security Update
HotFixID: KB979910
------------------------------------------
Description: Update
HotFixID: KB980182
------------------------------------------
Description: Security Update
HotFixID: KB980195
------------------------------------------
Description: Security Update
HotFixID: KB980218
------------------------------------------
Description: Security Update
HotFixID: KB980232
------------------------------------------
Description: Update
HotFixID: KB980248
------------------------------------------
Description: Security Update
HotFixID: KB980436
------------------------------------------
Description: Security Update
HotFixID: KB980842
------------------------------------------
Description: Security Update
HotFixID: KB981349
------------------------------------------
Description: Update
HotFixID: KB981793
------------------------------------------
Description: Security Update
HotFixID: KB981852
------------------------------------------
Description: Security Update
HotFixID: KB981997
------------------------------------------
Description: Security Update
HotFixID: KB982214
------------------------------------------
Description: Security Update
HotFixID: KB982381
------------------------------------------
Description: Update
HotFixID: KB982480
------------------------------------------
Description: Update
HotFixID: KB982519
------------------------------------------
Description: Security Update
HotFixID: KB982665
------------------------------------------
Description: Security Update
HotFixID: KB982799
------------------------------------------
Description: Security Update
HotFixID: KB983589
------------------------------------------
Description: Service Pack
HotFixID: KB948465
------------------------------------------
Description: Update
HotFixID: 940157
------------------------------------------


*************************************************************
************************* Event Log *************************
*************************************************************

Application - 8/14/2010 6:14:37 PM: Windows Installer reconfigured the product. Product Name: Greeting Card Factory Express Workshop. Product Version: 5.0.0.5. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:38 PM: Windows Installer reconfigured the product. Product Name: Microsoft .NET Framework 4 Client Profile. Product Version: 4.0.30319. Product Language: 0. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:38 PM: Windows Installer reconfigured the product. Product Name: Adobe Media Player. Product Version: 1.8. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:39 PM: Windows Installer reconfigured the product. Product Name: Adobe Reader 9.3. Product Version: 9.3.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:39 PM: Windows Installer reconfigured the product. Product Name: Windows Live ID Sign-in Assistant. Product Version: 6.500.3165.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:40 PM: Windows Installer reconfigured the product. Product Name: MSXML 4.0 SP2 (KB973688). Product Version: 4.20.9876.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:40 PM: Windows Installer reconfigured the product. Product Name: Sonic Creator Copy. Product Version: 3.5.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:40 PM: Windows Installer reconfigured the product. Product Name: D1400_Help. Product Version: 90.0.235.000. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:41 PM: Windows Installer reconfigured the product. Product Name: Roxio Activation Module. Product Version: 1.0. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Application - 8/14/2010 6:14:41 PM: Windows Installer reconfigured the product. Product Name: TrayApp. Product Version: 110.0.180.000. Product Language: 1033. Reconfiguration success or error status: 0.
------------------------------------------
Media Center - 6/16/2010 5:58:17 PM: Update::Run: Doesn't need to download package NetTV at 06/16/2010 17:58:17. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:17 PM: Update::Run: Doesn't need to download package MCESpotlight at 06/16/2010 17:58:17. Earliest next start time 06/18/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:17 PM: Update::Run: Doesn't need to download package SportsTemplate at 06/16/2010 17:58:17. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:40 PM: MCUpdate terminates at 06/16/2010 17:58:40.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package Directory Service at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package NetTV at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package MCESpotlight at 06/16/2010 17:58:41. Earliest next start time 06/18/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package SportsSchedule at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:58:41 PM: Update::Run: Doesn't need to download package SportsTemplate at 06/16/2010 17:58:41. Earliest next start time 06/17/2010 02:00:00.
------------------------------------------
Media Center - 6/16/2010 5:59:03 PM: MCUpdate terminates at 06/16/2010 17:59:03.
------------------------------------------
Microsoft Office Diagnostics - 6/14/2010 8:03:08 PM: Office Diagnostics has determined that there is no evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/14/2010 8:03:08 PM: Office Diagnostics is closing.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: A crash has occurred. Office Diagnostics are running to determine whether there is evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: The default thresholds are being used.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: Office Diagnostics has determined that there is no evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:39:26 PM: Office Diagnostics is closing.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: A crash has occurred. Office Diagnostics are running to determine whether there is evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: The default thresholds are being used.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: Office Diagnostics has determined that there is no evidence of repeated problems.
------------------------------------------
Microsoft Office Diagnostics - 6/17/2010 3:40:03 PM: Office Diagnostics is closing.
------------------------------------------
Microsoft Office Sessions - 8/2/2010 12:07:34 PM: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1005 seconds with 600 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/4/2010 2:49:39 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/6/2010 12:39:55 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/6/2010 1:17:23 PM: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 334 seconds with 240 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/10/2010 2:06:30 AM: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13945 seconds with 240 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 3:27:22 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 11 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 4:55:44 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 0 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 5:29:30 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/12/2010 6:25:25 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Microsoft Office Sessions - 8/13/2010 1:36:07 PM: ID: 16, Application Name: Microsoft Office Groove, Application Version: 6.0.6000.16386, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended normally.
------------------------------------------
Security - 8/14/2010 5:21:10 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 2

New Logon:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d39
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0xbd4
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: FAMILY
Source Network Address: 127.0.0.1
Source Port: 0

Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
------------------------------------------
Security - 8/14/2010 5:21:10 PM: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d2c

Privileges: SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
------------------------------------------
Security - 8/14/2010 5:21:14 PM: An account was logged off.

Subject:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d39

Logon Type: 2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
------------------------------------------
Security - 8/14/2010 5:21:14 PM: An account was logged off.

Subject:
Security ID: S-1-5-21-2686262384-4198757005-2905472078-1005
Account Name: Yessi
Account Domain: Family
Logon ID: 0x18b4d2c

Logon Type: 2

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
------------------------------------------
Security - 8/14/2010 6:14:03 PM: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
------------------------------------------
Security - 8/14/2010 6:14:03 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
------------------------------------------
Security - 8/14/2010 6:14:03 PM: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
------------------------------------------
Security - 8/14/2010 6:15:24 PM: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
------------------------------------------
Security - 8/14/2010 6:15:24 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x2d4
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
------------------------------------------
Security - 8/14/2010 6:15:24 PM: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
------------------------------------------
System - 8/14/2010 12:00:52 PM: The system uptime is 3447 seconds.
------------------------------------------
System - 8/14/2010 12:17:49 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'WinHTTP Web Proxy Auto-Discovery Service', 'running'
------------------------------------------
System - 8/14/2010 12:18:07 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Modules Installer', 'running'
------------------------------------------
System - 8/14/2010 12:28:07 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Modules Installer', 'stopped'
------------------------------------------
System - 8/14/2010 12:34:19 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'WinHTTP Web Proxy Auto-Discovery Service', 'stopped'
------------------------------------------
System - 8/14/2010 2:37:05 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Presentation Foundation Font Cache 3.0.0.0', 'running'
------------------------------------------
System - 8/14/2010 6:14:04 PM: The description for Event ID '-1073731795' in Source 'DCOM' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'MSIServer', '', '{000C101C-0000-0000-C000-000000000046}'
------------------------------------------
System - 8/14/2010 6:14:05 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Installer', 'running'
------------------------------------------
System - 8/14/2010 6:15:25 PM: The description for Event ID '-1073731795' in Source 'DCOM' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'TrustedInstaller', '', '{752073A1-23F2-4396-85F0-8FDB879ED0ED}'
------------------------------------------
System - 8/14/2010 6:15:25 PM: The description for Event ID '1073748860' in Source 'Service Control Manager' cannot be found. The local computer may not have the necessary registry information or message DLL files to display the message, or you may not have permission to access them. The following information is part of the event:'Windows Modules Installer', 'running'
------------------------------------------


*************************************************************
**************** Windows Experience Index *******************
*************************************************************

CPU Score: 4.9
Disk Score: 5.7
Graphics Score: 3.3
Direct 3D Score: 3
Memory Score: 4.7
WEI Score: 3


*************************************************************
************************* Users *****************************
*************************************************************
------------------------------------------
Name: Adaya1996 Domain: Family
FullName: Adaya1996 Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Administrator Domain: Family
FullName: Description: Built-in account for administering the computer/domain
Disabled: True
Status: Degraded
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Elijah Domain: Family
FullName: Elijah Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Guest Domain: Family
FullName: Description: Built-in account for guest access to the computer/domain
Disabled: True
Status: Degraded
LocalAccount: True
PasswordChangeable: False
PasswordExpires: False
PasswordRequired: False
------------------------------------------
Name: Joshua Domain: Family
FullName: Joshua Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------
Name: Yessi Domain: Family
FullName: Yessi Description:
Disabled: False
Status: OK
LocalAccount: True
PasswordChangeable: True
PasswordExpires: False
PasswordRequired: True
------------------------------------------


*************************************************************
************************** Memory ***************************
*************************************************************

------------------------------------------
Manufacturer: CE00000000000000
Model:
Name: Physical Memory
Bank Label: Bank0/1
Capacity: 1024 MB
Description: Physical Memory
Tag: Physical Memory 0
------------------------------------------
Manufacturer: CE00000000000000
Model:
Name: Physical Memory
Bank Label: Bank2/3
Capacity: 1024 MB
Description: Physical Memory
Tag: Physical Memory 1
------------------------------------------


*************************************************************
************************ Video Card *************************
*************************************************************

Brand: NVIDIA
Model: NVIDIA GeForce 7100 / NVIDIA nForce 630i
Adapter DAC Type: Integrated RAMDAC
Adapter RAM: 128 MB
Current BitsPerPixel: 32
Current Number Of Colors: 4294967296
Current Refresh Rate: 59
Driver Date: 05/22/2008 18:49:00
Driver Version: 7.15.11.7521
MaxRefreshRate: 75
MinRefreshRate: 50
Status: OK
Video Memory Type: 2
Video Mode Description: 1440 x 900 x 4294967296 colors
Video Processor: GeForce 7100 / NVIDIA nForce 630i


*************************************************************
************************** Drives ***************************
*************************************************************

Model: SAMSUNG HD501LJ ATA Device
Description: Disk drive
InterfaceType: IDE
Partitions: 2
SCSIBus: 0
SCSILogicalUnit: 0
SCSIPort: 2
SCSITargetId: 0
SectorsPerTrack: 63
Size: 466 GB
Status: OK
------------------------------------------
Model: Generic- Compact Flash USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------
Model: Generic- MS/MS-Pro USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------
Model: Generic- SD/MMC USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------
Model: Generic- SM/xD-Picture USB Device
Description: Disk drive
InterfaceType: USB
Partitions: 0
SCSIBus:
SCSILogicalUnit:
SCSIPort:
SCSITargetId:
SectorsPerTrack:
Size: 0 GB
Status: OK
------------------------------------------


*************************************************************
************************ CD/DVD Rom *************************
*************************************************************

Name: TSSTcorp CDDVDW TS-H653N ATA Device
Description: CD-ROM Drive
LastErrorCode:
Manufacturer: (Standard CD-ROM drives)
Media Type: DVD Writer
------------------------------------------
Name: MagicISO Virtual DVD-ROM0000
Description: CD-ROM Drive
LastErrorCode:
Manufacturer: (Standard CD-ROM drives)
Media Type: DVD-ROM
------------------------------------------


*************************************************************
************************* IDE/SATA **************************
*************************************************************

------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: Standard Dual Channel PCI IDE Controller
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: Standard Dual Channel PCI IDE Controller
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: IDE Channel
Last Error Code:
Status: OK
------------------------------------------


*************************************************************
************************** Network **************************
*************************************************************


Windows IP Configuration

Host Name . . . . . . . . . . . . : Family
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Belkin

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-1C-25-E7-1E-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 14, 2010 11:04:04 AM
Lease Expires . . . . . . . . . . : Wednesday, September 21, 2146 12:45:44 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled


*************************************************************
********************* Systerm Restore ***********************
*************************************************************

------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 07/29/2010 05:54:18
SequenceNumber: 1215
------------------------------------------
Description: Windows Update
Creation Time: 07/29/2010 07:00:24
SequenceNumber: 1216
------------------------------------------
Description: Windows Update
Creation Time: 07/30/2010 03:47:02
SequenceNumber: 1217
------------------------------------------
Description: Windows Update
Creation Time: 07/30/2010 04:24:19
SequenceNumber: 1218
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 07/30/2010 19:52:00
SequenceNumber: 1219
------------------------------------------
Description: Windows Update
Creation Time: 07/31/2010 07:00:34
SequenceNumber: 1220
------------------------------------------
Description: Windows Update
Creation Time: 08/01/2010 07:12:17
SequenceNumber: 1221
------------------------------------------
Description: Windows Update
Creation Time: 08/02/2010 11:13:45
SequenceNumber: 1222
------------------------------------------
Description: Windows Update
Creation Time: 08/03/2010 05:54:45
SequenceNumber: 1223
------------------------------------------
Description: Windows Update
Creation Time: 08/03/2010 15:43:11
SequenceNumber: 1224
------------------------------------------
Description: Windows Update
Creation Time: 08/04/2010 15:12:49
SequenceNumber: 1225
------------------------------------------
Description: Windows Update
Creation Time: 08/05/2010 08:44:38
SequenceNumber: 1226
------------------------------------------
Description: Windows Update
Creation Time: 08/06/2010 08:13:15
SequenceNumber: 1227
------------------------------------------
Description: Windows Update
Creation Time: 08/06/2010 08:26:37
SequenceNumber: 1228
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 08/07/2010 05:21:18
SequenceNumber: 1229
------------------------------------------
Description: Windows Update
Creation Time: 08/07/2010 08:01:09
SequenceNumber: 1230
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 08/08/2010 03:53:15
SequenceNumber: 1231
------------------------------------------
Description: Windows Update
Creation Time: 08/08/2010 14:44:00
SequenceNumber: 1232
------------------------------------------
Description: Revo Uninstaller's restore point - My Web Search (Retrogamer)
Creation Time: 08/08/2010 16:12:50
SequenceNumber: 1233
------------------------------------------
Description: Windows Update
Creation Time: 08/09/2010 16:50:51
SequenceNumber: 1234
------------------------------------------
Description: Windows Update
Creation Time: 08/09/2010 17:12:30
SequenceNumber: 1235
------------------------------------------
Description: Windows Update
Creation Time: 08/10/2010 07:00:38
SequenceNumber: 1236
------------------------------------------
Description: Scheduled Checkpoint
Creation Time: 08/10/2010 22:23:33
SequenceNumber: 1237
------------------------------------------
Description: Windows Update
Creation Time: 08/11/2010 10:52:03
SequenceNumber: 1238
------------------------------------------
Description: Windows Update
Creation Time: 08/12/2010 19:14:09
SequenceNumber: 1239
------------------------------------------
Description: Windows Update
Creation Time: 08/12/2010 19:47:52
SequenceNumber: 1240
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 00:09:23
SequenceNumber: 1241
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 05:50:31
SequenceNumber: 1242
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 15:49:27
SequenceNumber: 1243
------------------------------------------
Description: Windows Update
Creation Time: 08/13/2010 17:30:43
SequenceNumber: 1244
------------------------------------------
Description: Windows Update
Creation Time: 08/14/2010 07:00:36
SequenceNumber: 1245
------------------------------------------


*************************************************************
******************** Running Processes **********************
*************************************************************

------------------------------------------
Name: System Idle Process
------------------------------------------
Name: System
------------------------------------------
Name: smss.exe
------------------------------------------
Name: csrss.exe
------------------------------------------
Name: wininit.exe
------------------------------------------
Name: csrss.exe
------------------------------------------
Name: services.exe
------------------------------------------
Name: lsass.exe
------------------------------------------
Name: lsm.exe
------------------------------------------
Name: winlogon.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: nvvsvc.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: audiodg.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: SLsvc.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: rundll32.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: spoolsv.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: dwm.exe
------------------------------------------
Name: taskeng.exe
------------------------------------------
Name: BelkinService.exe
------------------------------------------
Name: explorer.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: AppleMobileDeviceService.exe
------------------------------------------
Name: taskeng.exe
------------------------------------------
Name: avp.exe
------------------------------------------
Name: mDNSResponder.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: LSSrvc.exe
------------------------------------------
Name: LVPrcSrv.exe
------------------------------------------
Name: McSACore.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: rundll32.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: ViewpointService.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: WLIDSVC.EXE
------------------------------------------
Name: SearchIndexer.exe
------------------------------------------
Name: XAudio.exe
------------------------------------------
Name: YahooAUService.exe
------------------------------------------
Name: SDWinSec.exe
------------------------------------------
Name: WUDFHost.exe
------------------------------------------
Name: WLIDSVCM.EXE
------------------------------------------
Name: MSASCui.exe
------------------------------------------
Name: RtHDVCpl.exe
------------------------------------------
Name: hpsysdrv.exe
------------------------------------------
Name: OSD.exe
------------------------------------------
Name: wpcumi.exe
------------------------------------------
Name: rundll32.exe
------------------------------------------
Name: GrooveMonitor.exe
------------------------------------------
Name: RoxWatchTray9.exe
------------------------------------------
Name: wmdc.exe
------------------------------------------
Name: jusched.exe
------------------------------------------
Name: avp.exe
------------------------------------------
Name: GoogleQuickSearchBox.exe
------------------------------------------
Name: sidebar.exe
------------------------------------------
Name: veohwebplayer.exe
------------------------------------------
Name: ehtray.exe
------------------------------------------
Name: Rainlendar2.exe
------------------------------------------
Name: ISUSPM.exe
------------------------------------------
Name: TeaTimer.exe
------------------------------------------
Name: Aston2.exe
------------------------------------------
Name: DesktopIconToy.exe
------------------------------------------
Name: GoogleToolbarNotifier.exe
------------------------------------------
Name: wmpnscfg.exe
------------------------------------------
Name: ehmsas.exe
------------------------------------------
Name: wmpnetwk.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: mobsync.exe
------------------------------------------
Name: HPHC_Service.exe
------------------------------------------
Name: wmplayer.exe
------------------------------------------
Name: jucheck.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: PresentationFontCache.exe
------------------------------------------
Name: wuauclt.exe
------------------------------------------
Name: chrome.exe
------------------------------------------
Name: firefox.exe
------------------------------------------
Name: klwtblfs.exe
------------------------------------------
Name: plugin-container.exe
------------------------------------------
Name: VistaForums SysInfo.exe
------------------------------------------
Name: WmiPrvSE.exe
------------------------------------------
Name: msiexec.exe
------------------------------------------
Name: TrustedInstaller.exe
------------------------------------------
Name: VSSVC.exe
------------------------------------------
Name: svchost.exe
------------------------------------------
Name: taskeng.exe
------------------------------------------
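Added example (not part of the original post or of the SysInfo tool): a Python sketch that parses the "An account was successfully logged on" blocks in the dump layout above and applies the field meanings the event text describes, so that routine service logons such as the SYSTEM / services.exe / Logon Type 5 one can be separated from logons worth a second look. The sample input is constructed; the first block mirrors the event in the dump, and the second block (`ExampleUser`, `EXAMPLE-PC`, `203.0.113.7`) is invented for contrast.

```python
import re

# Windows logon type codes; the event text above names only 2 and 3.
LOGON_TYPES = {"2": "Interactive", "3": "Network", "4": "Batch", "5": "Service",
               "7": "Unlock", "8": "NetworkCleartext", "9": "NewCredentials",
               "10": "RemoteInteractive", "11": "CachedInteractive"}
REMOTE_TYPES = {"3", "8", "10"}
# Well-known SIDs: LocalSystem, LocalService, NetworkService.
SERVICE_SIDS = {"S-1-5-18", "S-1-5-19", "S-1-5-20"}
SCM_PATH = r"c:\windows\system32\services.exe"
LOCAL_SOURCES = {"", "-", "127.0.0.1", "::1"}
SECTIONS = {"Subject", "New Logon", "Process Information", "Network Information",
            "Detailed Authentication Information", "Target Server",
            "Account Whose Credentials Were Used"}
HEADER = re.compile(r"^(?P<log>\w+) - (?P<time>.+? [AP]M): (?P<summary>.*)$")

# Constructed sample in the same layout as the dump in the post.
SAMPLE = r"""
Security - 8/14/2010 6:15:24 PM: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: FAMILY$

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM

Process Information:
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
------------------------------------------
Security - 8/14/2010 7:02:11 PM: An account was successfully logged on.

Logon Type: 10

New Logon:
Security ID: S-1-5-21-0-0-0-1001
Account Name: ExampleUser

Process Information:
Process Name: C:\Windows\System32\winlogon.exe

Network Information:
Workstation Name: EXAMPLE-PC
Source Network Address: 203.0.113.7
------------------------------------------
"""


def parse_events(text):
    """Split the dump on its dashed separators and return one dict per event."""
    events = []
    for block in re.split(r"(?m)^-{10,}[ \t]*$", text):
        lines = block.strip().splitlines()
        header = HEADER.match(lines[0]) if lines else None
        if not header:
            continue
        event = header.groupdict()
        section = ""
        for line in lines[1:]:
            line = line.strip()
            if not line:              # a blank line closes the current section
                section = ""
                continue
            key, sep, value = line.partition(":")
            if not sep:               # explanatory sentence, not a field
                continue
            if key in SECTIONS and not value.strip():
                section = key + "/"   # e.g. "New Logon/Security ID"
                continue
            event[section + key] = value.strip()
        events.append(event)
    return events


def triage(event):
    """Return (verdict, reasons); 'review' means look closer, not 'malicious'."""
    reasons = []
    ltype = event.get("Logon Type", "?")
    name = LOGON_TYPES.get(ltype, "unknown")
    sid = event.get("New Logon/Security ID", "")
    proc = event.get("Process Information/Process Name", "").lower()
    src = event.get("Network Information/Source Network Address", "-")
    if ltype in REMOTE_TYPES:
        reasons.append(f"remote logon type {ltype} ({name})")
    if src not in LOCAL_SOURCES:
        reasons.append(f"source address {src}")
    if ltype == "5" and (sid not in SERVICE_SIDS or proc != SCM_PATH):
        reasons.append("service logon not created by services.exe for a built-in account")
    if name == "unknown":
        reasons.append(f"unrecognised logon type {ltype}")
    return ("review" if reasons else "expected", reasons)


if __name__ == "__main__":
    for ev in parse_events(SAMPLE):
        if ev["summary"].startswith("An account was successfully logged on"):
            print(ev["time"], ev.get("New Logon/Account Name"), *triage(ev))
```

A service that runs under an ordinary user account also produces a Type 5 logon and will land in "review" here; that is a prompt to check which service it is, not a detection.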
 


I can't create the zip file. It is giving me an ERROR message.
It says:
File not found or no read permission.

Hello,

Thanks for that! Go back, and try to zip up the entire Minidump folder, and if that still doesn't work, we will change tack, and I will show you another method that works just as well.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300) Western Digital: WDC WD6400AAKS-75A7B0 1 x 1Tb (SATA 600) Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Keyboard
    Dell Bluetooth
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Hello,

We will change tack. Sorry to be pushy, but we need those files. Please copy all of the contents of C:\Windows\Minidump to your Desktop. Now try to zip them up, and upload, but if it still doesn't work, please read on.

Open up Start Orb > Documents and press the Alt key.

Now in the drop downs that most people never knew existed in Vista, select Tools > View tab > Uncheck "Hide extensions for known file types" > OK and go back to your desktop.

Please now rename all of those Minidump files from minidump****.dmp to minidump****.txt, and click Yes, you are sure you want to change the file extension.

Please do this to all of them, so that they open up as meaningless symbols in Notepad, and the icon changes, and then upload them all to your next post.

Once you have done this, you may switch off file extensions, so:

Open up Start Orb > Documents and press the Alt key.

Now in the drop downs that most people never knew existed in Vista, select Tools > View tab > Check "Hide extensions for known file types" > OK and go back to your desktop.

Richard

P.S. Any luck on the rest of the post? Don't worry though, all in good time.
 

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4433

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/15/2010 1:45:57 PM
mbam-log-2010-08-15 (13-45-57).txt

Scan type: Quick scan
Objects scanned: 184470
Time elapsed: 15 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Joshua.Family\downloads\RetrogamerSetup2.3.69.8.RGman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Joshua.Family\downloads\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
 


Finally I was able to do it. Let me know if you can see it.
I'm going to work on the rest and I'll let you know as soon as I finish.

Wonderful, it is all these lovely new Vista Security Features that cause the problems. Thanks for the rest, and I have already seen something important in the MBAM log.
 

-----------\\ ToolBar S&D 1.2.9 XP/Vista


"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( Sun 08/15/2010|20:22 )

[ UAC => 1 ]

-----------\\ Searching for Files - Folders ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com"
"Default_Page_URL"="http://www.yahoo.com/?fr=fp-yie8"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Presario&pf=desktop"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"


--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\Users\Yessi\AppData\Roaming\Azureus\torrents\Chief_Architect_X1_v11.4.1.7_Keygen.4207351.TPB[1].torrent
C:\Users\Yessi\AppData\Roaming\Azureus\torrents\chief_arch_x1_patchCrack.exe_[mininova][1].torrent
C:\Users\Yessi\AppData\Roaming\Azureus\torrents\o[SUMOTorrent.com]o_Chief_Architect_X1_11.5.4.17_Full_Final__keygen_ST1728594[1].torrent
C:\Users\Yessi\AppData\Roaming\Azureus\torrents\o{SUMOTorrent.com}o_Chief_Architect_X1_11.5.4.17_Full_Final__keygen_ST1728594[1].torrent
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen-1
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 v11.4.1.7 Keygen
C:\Users\Yessi\Documents\Azureus Downloads\chief_arch_x1_patchCrack.exe
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen\X1_full_5_4.exe
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen\X1_full_5_4.nfo
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen-1\keygen
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen-1\X1_full_5_4.exe
C:\Users\Yessi\Documents\Azureus Downloads\Chief Architect X1 11.5.4.17 Full Final + keygen-1\X1_full_5_4.nfo
C:\Users\Yessi\Documents\LimeWire\Saved\chief_arch_x1_patchCrack.exe
C:\Users\Yessi\Music\old-iTunes\iTunes Music\Compilations\Life After Death [Disc 2]\2-05 Ten Crack Commandments.mp3


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - Sun 08/15/2010|20:23 - Option : [2]

-----------\\ Scan completed at 20:23:19.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New HijackThis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:55 PM, on 8/15/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Aston2\Aston2.exe
C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Aston2] "C:\Program Files\Aston2\Aston2.exe"
O4 - HKCU\..\Run: [DesktopIconToy] C:\Program Files\Desktop Icon Toy\DesktopIconToy.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2686262384-4198757005-2905472078-1002\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Adaya1996')
O4 - HKUS\S-1-5-21-2686262384-4198757005-2905472078-1002\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Adaya1996')
O4 - HKUS\S-1-5-21-2686262384-4198757005-2905472078-1002\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe (User 'Adaya1996')
O4 - HKUS\S-1-5-21-2686262384-4198757005-2905472078-1002\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US (User 'Adaya1996')
O4 - HKUS\S-1-5-21-2686262384-4198757005-2905472078-1007\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Joshua')
O4 - S-1-5-21-2686262384-4198757005-2905472078-1007 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Joshua')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://p.playfirst.com/play/game/fashiondash/fashiondashweb.1.0.0.21.cab
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Page Not Found | Facebook
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://p.playfirst.com/play/game/fitness-dash/FitnessDashWeb.1.0.0.11.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://p.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.10.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540400} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18729 bytes
 


This is the same. I repeated it by mistake.

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://p.playfirst.com/play/game/fashiondash/fashiondashweb.1.0.0.21.cab
O16 - DPF: {068BFA33-99F4-4BA9-887D-182386FA2931} (CPlayFirstDinerDashControl Object) - http://p.playfirst.com/play/game/spongebobdash/SpongeBobDinerDashWeb.1.0.0.17.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Page Not Found | Facebook
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://p.playfirst.com/play/game/cookingdash/CookingDashWeb.1.0.0.9.cab
O16 - DPF: {26E6B759-DEEB-42A1-A21C-78CD29098411} (CPlayFirstFitnessDasControl Object) - http://p.playfirst.com/play/game/fitness-dash/FitnessDashWeb.1.0.0.11.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://p.playfirst.com/play/game/doggiedash/DoggieDash.1.0.0.10.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540400} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-489553540003} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://www.playfirst.com/play/game/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/insaniquarium/sis/popcaploader_v10.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 18729 bytes
 


Hello,

I am going to remove Adware.MyWebSearch and the Foistware Viewpoint software. The Viewpoint Toolbar is not exactly evil, but it slows things down, displays advertisements and pop-ups, and generally gets in the way. NOTE: I am only removing the Viewpoint Toolbar, and not the rest of the program. Unless you have a very strong reason not to remove these two programs, please follow this fix. Otherwise, the rest has been taken care of, and after this, your log will probably be clean.

STEP ONE:

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-21-2686262384-4198757005-2905472078-1002\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe (User 'Adaya1996')

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - Page Not Found | Facebook

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

My Web Search (Smiley Central or FWP product as applicable)
My WaySpeedbar (Smiley Central or other FWP as applicable)
My WaySpeedbar (AOL and Yahoo Messengers) (beta users only)
My WaySpeedbar (Outlook, Outlook Express, and IncrediMail)
SearchAssistant - My Way
Viewpoint Toolbar


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\MyWebSearch
C:\Program Files\FunWebProducts
C:\Program Files\MyWaySA
C:\Program Files\MyGlobalSearch
C:\Program Files\MySearch

After that, Reboot.


STEP TWO:

Re-open Malwarebytes Anti-Malware, and check for and install the available updates.

  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


STEP THREE:

You have several old programs that need to be updated, because otherwise you will be open to security holes. To find out which programs need updating, please:

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.




Thanks!

Richard

P.S. If you are still worried about this Adware (and I really don't think there is anything to worry about), tell me. Also, I have had a quick look at your Minidumps, and called in the expert, who, to confuse matters further, will probably be called Richard as well!
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS 420
    CPU
    Intel Core 2 Quad Q9300 2.50GHz
    Motherboard
    Stock Dell 0TP406
    Memory
    4 gb (DDR2 800) 400MHz
    Graphics card(s)
    ATI Radeon HD 3870 (512 MBytes)
    Sound Card
    Onboard
    Monitor(s) Displays
    1 x Dell 2007FP and 1 x (old) Sonic flat screen
    Screen Resolution
    1600 x 1200 and 1280 x 1204
    Hard Drives
    1 x 640Gb (SATA 300) Western Digital: WDC WD6400AAKS-75A7B0 1 x 1Tb (SATA 600) Western Digital: Caviar Black, SATA 6GB/S, 64Mb cache, 8ms Western Digital: WDC WD1002FAEX-00Z3A0 ATA Device
    PSU
    Stock PSU - 375W
    Case
    Dell XPS 420
    Cooling
    Stock Fan
    Mouse
    Advent Optical ADE-WG01 (colour change light up)
    Keyboard
    Dell Bluetooth
    Internet Speed
    120 kb/s
    Other Info
    ASUS USB 3.0 5Gbps/SATA 6Gbps - PCI-Express Combo Controller Card (U3S6)
Background. You have 18 dump files, and about 6 different causes of your BSODs. I will analyze the reports and submit the analysis to you. Please remember these reports are not definitive; they lead us to the vicinity of our destination and then stop short. It sometimes requires a little trial and error to reach our goal.

STOP 0x0000009F: DRIVER_POWER_STATE_FAILURE
Usual causes: Device driver

STOP 0x0000000A: IRQL_NOT_LESS_OR_EQUAL
Usual causes: Kernel mode driver, System Service, BIOS, Windows, Virus scanner, Backup tool, compatibility

STOP 0x000000FC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
Usual causes: Device driver

STOP 0x0000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED
Usual causes: Insufficient disk space, Device driver, Video card, BIOS, Breakpoint in startup without having a debugger attached, Hardware incompatibility, Faulty system service, 3rd party remote control, Memory

STOP 0x000000D1: DRIVER_IRQL_NOT_LESS_OR_EQUAL
Usual causes: Device driver

STOP 0x0000008E: KERNEL_MODE_EXCEPTION_NOT_HANDLED
Usual causes: Insufficient disk space, Device driver, Video card, BIOS, Breakpoint in startup without having a debugger attached, Hardware incompatibility, Faulty system service, 3rd party remote control, Memory

STOP 0x000000C2: BAD_POOL_CALLER
Usual causes: Device driver, Memory

Outdated Drivers
Code:
mdmxsdk.sys  Mon Jun 19 17:26:59 2006
secdrv.SYS   Wed Sep 13 09:18:32 2006
peauth.sys   Mon Oct 23 04:55:32 2006
pcouffin.sys Tue Dec 05 09:39:53 2006
PxHelp20.sys Wed Jun 20 18:26:00 2007
spldr.sys    Thu Jun 21 20:29:17 2007
X4HSX32.Sys  Thu Sep 20 04:46:14 2007
xaudio.sys   Thu Oct 18 18:36:53 2007
nvmfdx32.sys Sat Nov 17 18:46:42 2007
intelppm.sys Sat Jan 19 00:27:20 2008
cdfs.sys     Sat Jan 19 00:28:02 2008
bowser.sys   Sat Jan 19 00:28:26 2008
luafv.sys    Sat Jan 19 00:30:35 2008
wmiacpi.sys  Sat Jan 19 00:32:47 2008
msisadrv.sys Sat Jan 19 00:32:51 2008
mssmbios.sys Sat Jan 19 00:32:55 2008
fileinfo.sys Sat Jan 19 00:34:27 2008
Dxapi.sys    Sat Jan 19 00:36:12 2008
Beep.SYS     Sat Jan 19 00:49:10 2008
mountmgr.sys Sat Jan 19 00:49:13 2008
mouclass.sys Sat Jan 19 00:49:14 2008
kbdclass.sys Sat Jan 19 00:49:14 2008
i8042prt.sys Sat Jan 19 00:49:17 2008
swenum.sys   Sat Jan 19 00:49:20 2008
SCSIPORT.SYS Sat Jan 19 00:49:44 2008
volmgr.sys   Sat Jan 19 00:49:51 2008
crcdisk.sys  Sat Jan 19 00:50:29 2008
vga.sys      Sat Jan 19 00:52:06 2008
VIDEOPRT.SYS Sat Jan 19 00:52:10 2008
WDFLDR.SYS   Sat Jan 19 00:52:19 2008
monitor.sys  Sat Jan 19 00:52:19 2008
Wdf01000.sys Sat Jan 19 00:52:21 2008
WUDFPf.sys   Sat Jan 19 00:52:49 2008
WUDFRd.sys   Sat Jan 19 00:53:04 2008
WMILIB.SYS   Sat Jan 19 00:53:08 2008
USBD.SYS     Sat Jan 19 00:53:17 2008
1394BUS.SYS  Sat Jan 19 00:53:27 2008
usbccgp.sys  Sat Jan 19 00:53:29 2008
umbus.sys    Sat Jan 19 00:53:40 2008
mpsdrv.sys   Sat Jan 19 00:54:45 2008
rspndr.sys   Sat Jan 19 00:55:03 2008
lltdio.sys   Sat Jan 19 00:55:03 2008
ndisuio.sys  Sat Jan 19 00:55:40 2008
tunmp.sys    Sat Jan 19 00:55:40 2008
netbios.sys  Sat Jan 19 00:55:45 2008
nsiproxy.sys Sat Jan 19 00:55:50 2008
ndistapi.sys Sat Jan 19 00:56:24 2008
NDProxy.SYS  Sat Jan 19 00:56:28 2008
wanarp.sys   Sat Jan 19 00:56:31 2008
rasacd.sys   Sat Jan 19 00:56:31 2008
rasl2tp.sys  Sat Jan 19 00:56:33 2008
raspptp.sys  Sat Jan 19 00:56:34 2008
ws2ifsl.sys  Sat Jan 19 00:56:49 2008
TDI.SYS      Sat Jan 19 00:57:10 2008
RootMdm.sys  Sat Jan 19 00:57:14 2008
modem.sys    Sat Jan 19 00:57:16 2008
RDPCDD.sys   Sat Jan 19 01:01:08 2008
TSDDD.dll    Sat Jan 19 01:01:09 2008
rdpencdd.sys Sat Jan 19 01:01:09 2008
serscan.sys  Sat Jan 19 01:14:10 2008
drmk.sys     Sat Jan 19 01:53:02 2008
BOOTVID.dll  Sat Jan 19 02:27:15 2008
sptd.sys     Wed Mar 05 19:32:57 2008
HSX_DP.sys   Thu May 08 16:03:14 2008
HSX_CNXT.sys Thu May 08 16:04:13 2008
HSXHWBS2.sys Thu May 08 16:05:16 2008
nvlddmkm.sys Thu May 22 18:51:06 2008
SymIMv.sys   Wed Jun 04 20:46:26 2008
mcdbus.sys   Sun Jul 13 09:10:43 2008

Drivers that must be replaced for reasons other than age, together with pertinent information

Lvuvc.sys
Logitech USB Video Class Driver - Logitech QuickCam - Logitech Inc.
Productname: Logitech QuickCam
Description: Logitech USB Video Class Driver
Company: Logitech Inc.

Probable cause of your BSOD, see above

Probable Solution: After each step try your computer and see how it works. If the problem is resolved there will be no reason to continue with the suggested solution.

Uninstall your anti virus and replace with that shown above. Use this uninstall tool: http://support.kaspersky.com/faq/?qid=208279463
Update the driver for your graphics card.
Uninstall your virtualization program (Daemon, Alcohol 120% etc). The drivers of these programs are a known cause of BSOD. The driver SPTD has to be removed with this uninstall tool: http://www.duplexsecure.com/en/downloads
Update the driver lvuvc.sys from your webcam. This was shown on the report as a potential cause. Update from company website, not the automatic windows update.
Test your ram with memtest86. Run for 6 passes. Then test each socket with a known good stick of ram. http://memtest.org/
Use the Driver Verifier Test to test which old drivers should be replaced. It is impractical to replace such a large number of drivers. http://www.sevenforums.com/crash-lo...-driver-verifier-identify-issues-drivers.html
Since there are so many BSOD and 7 different causes, very possibly it is hardware related. Memory was already tested, the hard drive should be tested, also: http://www.carrona.org/hddiag.html If none of these solutions work other hardware tests will be suggested.
Run an SFC: http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html
Scan with your antivirus

Do one step at a time and then use the computer. There is no reason to continue the steps if the problem is resolved.
 

My Computer

System One

  • Manufacturer/Model
    Dell XPS420
    Memory
    6 gig
    Graphics card(s)
    ATI Radeon HD3650 256 MB
    Sound Card
    Intergrated 7.1 Channel Audio
    Monitor(s) Displays
    Dell SP2009W 20 inch Flat Panel w Webcam
    Hard Drives
    640 gb
    Cooling
    Fan
    Mouse
    Dell USB 4 button optical
    Keyboard
    Dell USB
    Other Info
    DSL provided by ATT
Hello,

Since quite a lot of your BSoDs can be tied to your Kaspersky Internet Security, and some others can't, but may well still have been caused by Kaspersky, we need to remove it. This removal will probably be permanent, but at least for a bit, we need to see what happens with it removed, and I strongly think that the number of BSoDs can be reduced significantly.

I am telling you at the end to install Microsoft Security Essentials (MSE), which has swept the board, and most professionals now recommend it. It (arguably) has a better detection rate, and in my opinion is better than Kaspersky 2010. Kaspersky 2011 is supposed to be better, but I have never tried it, and can't speak for it personally. MSE is much easier to use, look at, and much slimmer on system resources. However, there is a right and wrong way to remove Kaspersky, so please follow the instructions below.


STEP ONE:

Make sure you have a copy of your Kaspersky Product Key, just in case.


STEP TWO:

Please download and run this tool in SAFE MODE (with Networking is also fine): Removal tool for Kaspersky Lab products


STEP THREE:

Once everything has been removed, there is still one component that is accidentally missed by this removal program and needs manual removal or, more easily, can be dealt with by HiJackThis. Please boot back into Normal mode, re-open HiJackThis, put a check next to the following item (if it still exists) and click Fix Checked:

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll


STEP FOUR:

Now that Kaspersky has been properly removed, we need to install MSE. No reboot is required after the previous step.

Please download, install, and update MSE from here: http://www.microsoft.com/security_essentials/


All done!

P.S. I have been asked to remind you that the above guidelines (the BSoD steps by richc46) are steps, and not to be done all at once. Please work down them, one at a time, testing for BSoDs, until things are improving, as turning on Driver Verifier at the very start will not help matters, and is designed for when things get desperate!
 
You just taught me. I thought it was all done after the removal tool.
 

You just taught me. I thought it was all done after the removal tool.

It should be, but what a lovely bug not to bother to fix. It is very easy to do as well!

Because this user does not have any other AppInit_DLLs (we can tell this from the HiJackThis log - look for more O20 entries), all we need to do is empty the AppInit_DLLs value (empty, not delete). It gets more complex if the user has other AppInit_DLLs (O20 entries), as we have to put them back in. Therefore, for this user, the .reg fix would be:

Code:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
Personally, less chance of a mistake with HJT, and easier, but just showing other methods!

Richard

felinaboricua21: I know we have set you a lot to do here. Work through it slowly and methodically, and do not worry about replying fast, just post when you are ready.
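
The "put them back in" case described in the post above, as an added example that is not part of the original post: Python that reads the O20 AppInit_DLLs line of a HijackThis log, drops the DLLs belonging to the removed product, and builds the .reg text with any other entries preserved. The function names, the second log and `keepme.dll` are constructed for illustration, and matching the removed DLLs by file name is an assumption.

```python
import ntpath
import re

# HijackThis prints the raw AppInit_DLLs value after this prefix.
# Other O20 lines (e.g. "O20 - Winlogon Notify:") are a different load point.
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$", re.IGNORECASE)

REG_KEY = r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"

# File names taken from the O20 line in this thread's log.
REMOVED = ["mzvkbd3.dll", "kloehk.dll"]

# The O20 line from this thread's log, plus one neighbouring line.
PAGE_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"""

# Constructed log: a hypothetical third DLL that must survive the fix.
CONSTRUCTED_LOG = r"""
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\EXAMPLE\keepme.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: example - C:\Windows\system32\example.dll
"""


def appinit_entries(hjt_log):
    """Return the DLL paths from O20 - AppInit_DLLs lines, in log order."""
    entries = []
    for line in hjt_log.splitlines():
        match = O20_APPINIT.match(line.strip())
        if match:
            # The value is delimited by commas or spaces, which is why
            # entries use 8.3 short paths instead of paths with spaces.
            entries += [p for p in re.split(r"[,\s]+", match.group(1)) if p]
    return entries


def remaining_after_removal(entries, removed_names):
    """Drop entries whose file name belongs to the uninstalled product."""
    removed = {name.lower() for name in removed_names}
    return [e for e in entries if ntpath.basename(e).lower() not in removed]


def reg_fix(entries):
    """Build .reg text that sets AppInit_DLLs to the remaining entries.

    An empty list yields an empty string value: the value is emptied,
    not deleted, as the post describes.
    """
    value = ",".join(entries)
    # Inside a .reg string, backslashes and double quotes are escaped.
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    lines = [
        "Windows Registry Editor Version 5.00",
        "",
        REG_KEY,
        '"AppInit_DLLs"="%s"' % escaped,
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for name, log in (("page log", PAGE_LOG), ("constructed log", CONSTRUCTED_LOG)):
        kept = remaining_after_removal(appinit_entries(log), REMOVED)
        print("--- %s: %d entries kept ---" % (name, len(kept)))
        print(reg_fix(kept))
```
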
 

felinaboricua21:
I cannot be sure, but it is my feeling that the AntiVirus may be the cause. It was mentioned in 3 out of 18 reports, each time with a different driver. That is the first step; be sure to test the computer thoroughly before attempting the next step. Why do extra work?
If after completion you still get BSOD, don't worry. These reports are not definitive. Each report brings us closer to our destination with extra information. Good luck.
 

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4433

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

8/16/2010 7:43:40 PM
mbam-log-2010-08-16 (19-43-40).txt

Scan type: Quick scan
Objects scanned: 184703
Time elapsed: 17 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Kaspersky Internet Security 2010
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 18
Java(TM) SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Kaspersky Lab Kaspersky Internet Security 2010 avp.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 


If you have any questions just ask. Take your time; do one thing at a time. We will get this done.
 
