info.txt logfile of random's system information tool 1.10 2014-11-07 20:26:21

======MBR======

======Uninstall list======

Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Creative Cloud-->"C:\Program Files\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Adobe Dreamweaver CC 2014-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{766255CE-D156-11E3-8DBC-A136EB52ACCF}"
Adobe Extension Manager CC-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}"
Adobe Flash Player 15 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe -maintain activex
Adobe Flash Player 15 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil32_15_0_0_152_Plugin.exe -maintain plugin
Adobe Flash Professional CS6-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}"
Adobe Help Manager-->msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Help Manager-->MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
Adobe Illustrator CC 2014 (32 Bit)-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{8913FAF3-5BFE-45BA-AF57-67AF4BA67898}"
Adobe Photoshop CC 2014 (32 Bit)-->C:\Program Files\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{7C25E7A0-A0A1-4B87-BB30-BF0FBDC37878}"
Adobe Reader XI (11.0.09) - Nederlands-->MsiExec.exe /I{AC76BA86-7AD7-1043-7B44-AB0000000001}
Apple Application Support-->MsiExec.exe /I{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}
Apple Mobile Device Support-->MsiExec.exe /I{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
AVG 2015-->"C:\Program Files\AVG\AVG2015\avgmfapx.exe" /AppMode=SETUP /Uninstall /UDS=1
AVG 2015-->MsiExec.exe /I{4934BA42-B911-4860-88CA-361DB606AEAA}
AVG 2015-->MsiExec.exe /I{7024FB0E-1548-4B38-A35C-68658071AAC4}
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Cloud System Booster-->C:\Program Files\Anvisoft\Cloud System Booster\UnInstall.exe
FileZilla Client 3.9.0.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Full Tilt Poker.Eu-->C:\Program Files\Full Tilt Poker.Eu\uninstall.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\37.0.2062.102\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HitmanPro 3.7-->"C:\Users\Ans\Desktop\HitmanPro35A.exe" /uninstall
Instant Eyedropper 1.75-->"C:\Program Files\InstantEyedropper\unins000.exe"
iTunes-->MsiExec.exe /I{0A37EE62-9A58-420D-90CC-4E52153112EE}
Java 7 Update 67-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F03217067FF}
Java 8 Update 25-->MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218025F0}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Microsoft .NET Framework 4.5.1-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe /repair /x86
Microsoft .NET Framework 4.5.1-->MsiExec.exe /X{4903D172-DCCB-392F-93A3-34CA9D47FE3D}
Microsoft Security Client-->MsiExec.exe /X{107F27B7-8EE4-4B3A-9CE5-497B120369DC}
Microsoft Security Essentials-->"C:\Program Files\Microsoft Security Client\Setup.exe" /x
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030-->"C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030-->MsiExec.exe /X{B175520C-86A2-35A7-8619-86DC379688B9}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030-->MsiExec.exe /X{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Mozilla Firefox 32.0.3 (x86 nl)-->"C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files\Mozilla Maintenance Service\uninstall.exe"
NVIDIA Graphics Driver 327.02-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{348A7993-0FAC-4FE2-803C-E2257DC85E4F}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA Update 1.14.17-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{348A7993-0FAC-4FE2-803C-E2257DC85E4F}\NVI2.DLL",UninstallPackage Display.Update
OpenOffice.org 3.4.1-->MsiExec.exe /I{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}
PDF Settings CS6-->MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
PokerStars.eu-->"C:\Program Files\PokerStars.EU\PokerStarsUninstall.exe" /u:PokerStars.eu
QuickTime 7-->MsiExec.exe /I{111EE7DF-FC45-40C7-98A7-753AC46B12FB}
Search App by Ask-->MsiExec.exe /X{4F524A2D-5350-4500-76A7-A758B70C1200}
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {1531A92E-2552-384F-B942-06A5D18DFA13}
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {8086EDC0-3409-3560-B108-44FC46882443}
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {FED9B2BC-E6D7-3409-B4C9-99AF8AC65725}
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {054F96E9-E89B-3DDB-AA70-A65194B921B4}
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {CBD8D84A-257A-3A60-9819-5DF166F9CD25}
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {4DC3F78D-5CCF-37B9-9A05-EDDC456F4F20}
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe /uninstallpatch {1863F765-CBE8-3EB3-B434-CA6B6DF2561E}
Skype™ 6.18-->MsiExec.exe /X{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}
SmartFTP Client-->MsiExec.exe /X{A647ECAA-1D9A-4616-B5A1-8B0183ECB660}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
WampServer 2.5-->"c:\wamp\unins000.exe"
WinRAR 5.10 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======System event log======

Computer Name: Ans-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 4219
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20140720012027.714129-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ans-PC
Event Code: 219
Message: The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_APPLE&PROD_IPOD&REV_2.70#000A270023C24F0C&0#.
Record Number: 4027
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20140719125559.268816-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ans-PC
Event Code: 4
Message: Broadcom NetLink (TM) Gigabit Ethernet: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 3799
Source Name: b57nd60x
Time Written: 20140719115743.886490-000
Event Type: Warning
User:

Computer Name: Ans-PC
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 3786
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20140719115622.734960-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ans-PC
Event Code: 7023
Message: The Windows Font Cache Service service terminated with the following error: The process cannot access the file because it is being used by another process.
Record Number: 3748
Source Name: Service Control Manager
Time Written: 20140719115557.088515-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Ans-PC
Event Code: 4101
Message: Failed auto update retrieval of third-party root certificate from: with error: 12029 (0x2efd).
Record Number: 386
Source Name: Microsoft-Windows-CAPI2
Time Written: 20140717132251.546068-000
Event Type: Error
User:

Computer Name: Ans-PC
Event Code: 6004
Message: The winlogon notification subscriber failed a critical notification event.
Record Number: 336
Source Name: Microsoft-Windows-Winlogon
Time Written: 20140717123953.000000-000
Event Type: Warning
User:

Computer Name: Ans-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 3 user registry handles leaked from \Registry\User\S-1-5-21-491756727-1097897781-2830869460-1001: Process 440 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-491756727-1097897781-2830869460-1001 Process 4240 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-491756727-1097897781-2830869460-1001\Software\Microsoft\Windows\CurrentVersion\Explorer Process 4240 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-491756727-1097897781-2830869460-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Record Number: 284
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20140717014459.646498-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Ans-PC
Event Code: 11
Message: Possible Memory Leak. Application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 980) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (10). User Action: Contact your application vendor for an updated version of the application.
Record Number: 163
Source Name: Microsoft-Windows-RPC-Events
Time Written: 20140717003156.043868-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: 37L4247D28-05
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.
Record Number: 153
Source Name: Microsoft-Windows-Search
Time Written: 20140717002834.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: A security-enabled local group was changed. Subject: Security ID: S-1-5-18 Account Name: 37L4247D28-05$ Account Domain: WORKGROUP Logon ID: 0x3e7 Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Changed Attributes: SAM Account Name: - SID History: - Additional Information: Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140717001035.739697-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4731
Message: A security-enabled local group was created. Subject: Security ID: S-1-5-18 Account Name: 37L4247D28-05$ Account Domain: WORKGROUP Logon ID: 0x3e7 New Group: Security ID: S-1-5-32-551 Group Name: Backup Operators Group Domain: Builtin Attributes: SAM Account Name: Backup Operators SID History: - Additional Information: Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140717001035.739697-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4902
Message: The Per-user audit policy table was created. Number of Elements: 0 Policy ID: 0x25dab
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140717001035.380896-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4624
Message: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 0 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x4 Process Name: Network Information: Workstation Name: - Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: - Authentication Package: - Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140717001033.321692-000
Event Type: Audit Success
User:

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows is starting up. This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140717001033.134492-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=0f0a
"asl.log"=Destination=file

-----------------EOF-----------------