Rootkit Infection? Bagle/beagle? (srosa.sys Found)


  • This topic is locked
2 replies to this topic

#1 bahamas

Posted 24 May 2008 - 11:01 PM

I have stupidly executed a DL from eMule, assuming my Antivir protection would ward off any bad stuff.
When I executed, the hourglass kept hovering for a while, and then BSD! On reboot, I noticed the absence of Antivir. Tried reinstall, also Norton and Kaspersky: all installs failed because one or several crucial files were never copied (or instantly deleted). Googled for help, found hints to the Bagle worm - also found srosa.sys on my system.
Ran BlackLight, below is the log.

I have followed your instructions, see below.

Can anyone help me?

Cheers,
Hans

main.txt
---------
Deckard's System Scanner v20071014.68
Run by mosbergh on 2008-05-24 23:47:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-05-25 03:47:36 UTC - RP404 - Deckard's System Scanner Restore Point
26: 2008-05-24 23:09:56 UTC - RP403 - System Checkpoint
25: 2008-05-23 23:01:36 UTC - RP402 - Installed Kaspersky Anti-Virus 7.0.
24: 2008-05-23 20:58:16 UTC - RP401 - Installed Kaspersky Anti-Virus 7.0.
23: 2008-05-23 19:27:18 UTC - RP400 - Avira AntiVir Personal - 5/23/2008 15:25


-- First Restore Point --
1: 2008-05-10 00:00:28 UTC - RP378 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 2.62 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-24 23:50:11
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\HotKey Utility\HKServ.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\system32\ico.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\rapimgr.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\Program Files\Fax1.com\pdmon.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\downloads\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sueddeutsche.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [Msn Messenger] c:\windows\msnmsngr.exe
O4 - HKLM\..\Run: [Windows Firewall] c:\windows\windll.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: BlueSpace NE.lnk = ?
O4 - Startup: Fax1.com.lnk = C:\Program Files\Fax1.com\pdmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\PowerPanel\Program\PcfMgr.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/e/7.../OGAControl.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189436735266
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1189505281707
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{DD7F72FE-6964-4F28-8E64-7178BFC3441D}: NameServer = 172.16.9.101,192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUPnPRenderer - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe


--
End of file - 16086 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 TPkd - c:\windows\system32\drivers\tpkd.sys <Not Verified; PACE Anti-Piracy, Inc.; InterLok®>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 oibtvcom (Bluetooth Virtual COM Port) - c:\windows\system32\drivers\oivmvcom.sys <Not Verified; OPEN INTERFACE.; Bluetooth Virtual COM Port Driver for MS Stack>
R3 oivmctrl (VCOMM Device Controller) - c:\windows\system32\drivers\oivmctrl.sys <Not Verified; OPEN INTERFACE.; VCOMM Driver Controller>

S3 SYMIDSCO - c:\windows\system32\drivers\symidsco.sys (file missing)
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-23 18:00:00 414 --a------ C:\WINDOWS\Tasks\Norton Security Scan.job
2008-05-21 17:44:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-23 16:21:27 0 d-------- C:\kav
2008-05-23 16:06:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 16:06:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 15:55:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Google
2008-05-23 15:55:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQ Toolbar
2008-05-23 15:47:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2008-05-23 15:03:13 0 d--h----- C:\Documents and Settings\mosbergh\Application Data\m
2008-05-15 15:12:53 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Canon
2008-05-15 14:41:56 0 d-------- C:\Documents and Settings\mosbergh\Application Data\ScanSoft
2008-05-15 14:41:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2008-05-15 14:41:55 0 d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2008-05-15 14:41:46 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2008-05-15 14:41:26 0 d-------- C:\Program Files\ScanSoft
2008-05-15 14:39:51 0 d--h----- C:\CanoScan
2008-05-12 21:51:24 0 d-------- C:\Program Files\Liquid Technologies
2008-05-04 16:45:00 0 d-------- C:\Program Files\Norton Ghost
2008-05-01 15:04:11 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Mobipocket
2008-04-29 18:20:04 0 d-------- C:\WINDOWS\Prefetch
2008-04-29 18:09:26 0 d-------- C:\WINDOWS\system32\scripting
2008-04-29 18:09:23 0 d-------- C:\WINDOWS\l2schemas
2008-04-29 18:09:22 0 d-------- C:\WINDOWS\system32\en
2008-04-27 09:04:08 74264 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-04-26 13:46:31 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-05-24 20:20:57 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Skype
2008-05-24 17:29:35 0 d-------- C:\Documents and Settings\mosbergh\Application Data\skypePM
2008-05-23 15:55:44 0 d-------- C:\Program Files\ICQToolbar
2008-05-23 14:01:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-23 11:52:46 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Adobe
2008-05-23 11:42:34 0 d-------- C:\Documents and Settings\mosbergh\Application Data\ZoomBrowser EX
2008-05-22 08:06:46 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-22 06:46:04 0 d-------- C:\Documents and Settings\mosbergh\Application Data\uTorrent
2008-05-21 18:00:00 0 d-------- C:\Program Files\Norton Security Scan
2008-05-18 09:15:04 0 d-------- C:\Program Files\Infinity PasswordSafe
2008-05-18 09:14:01 0 d-------- C:\Program Files\DivX
2008-05-18 09:13:36 0 d-------- C:\Program Files\Elaborate Bytes
2008-05-18 09:12:50 0 d-------- C:\Program Files\Canon
2008-05-15 14:41:46 0 d-------- C:\Program Files\Common Files
2008-05-13 03:40:10 0 d-------- C:\Program Files\uTorrent
2008-05-10 07:38:25 0 d-------- C:\Documents and Settings\mosbergh\Application Data\AdobeUM
2008-05-10 06:18:35 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-29 18:10:17 0 d-------- C:\Program Files\Messenger
2008-04-29 18:09:21 0 d-------- C:\Program Files\Movie Maker
2008-04-29 18:02:25 0 d-------- C:\Program Files\Windows NT
2008-04-27 08:59:55 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Apple Computer
2008-04-25 12:55:40 0 d-------- C:\Documents and Settings\mosbergh\Application Data\ICQ Toolbar
2008-04-24 18:08:22 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 14:18:32 0 d-------- C:\Program Files\ICQLite
2008-04-22 14:18:22 0 d-------- C:\Documents and Settings\mosbergh\Application Data\ICQLite
2008-04-16 17:33:42 0 d-------- C:\Program Files\Apple Software Update
2008-04-16 16:38:12 0 d-------- C:\Program Files\iPod
2008-04-16 16:35:52 0 d-------- C:\Program Files\QuickTime
2008-04-16 14:02:41 0 d-------- C:\Program Files\Infinity SIMEditor
2008-04-16 14:02:01 0 d-------- C:\Program Files\Infinity USB Unlimited
2008-04-09 03:54:58 155648 -----n--- C:\WINDOWS\system32\pwlang.dll
2008-04-06 05:36:20 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Intel
2008-04-06 05:35:13 0 d-------- C:\Program Files\Intel
2008-04-04 12:49:45 0 d-------- C:\Program Files\TI Education
2008-04-04 12:49:17 0 d-------- C:\Program Files\Common Files\TI Shared
2008-04-04 12:46:48 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 18:18:51 0 d-------- C:\Documents and Settings\mosbergh\Application Data\Download Manager
2008-03-13 09:55:58 0 -----n--- C:\WINDOWS\nsreg.dat
2008-03-12 07:10:18 633344 -----n--- C:\WINDOWS\system32\gpprefcl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-03-05 06:50:04 114688 -----n--- C:\WINDOWS\system32\InfUnltd.dll <Not Verified; WB Electronics ApS; Infinity USB Unlimited SDK>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [06/13/2003 06:52 PM]
"ATIModeChange"="Ati2mdxx.exe" [09/05/2001 05:24 AM C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [12/19/2003 03:00 PM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/13/2008 11:42 PM C:\WINDOWS\system32\bthprops.cpl]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [01/15/2003 03:07 PM]
"HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [04/01/2003 01:00 PM]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [08/20/2002 01:29 PM]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [06/23/2003 08:32 PM]
"Mouse Suite 98 Daemon"="ICO.EXE" [03/14/2002 07:46 PM C:\WINDOWS\system32\ico.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [12/07/2005 04:57 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [05/18/2006 05:29 AM]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [09/19/2005 11:29 AM]
"Msn Messenger"="c:\windows\msnmsngr.exe" []
"Windows Firewall"="c:\windows\windll.exe" []
"VAIO Recovery"="C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe" [04/20/2003 01:08 AM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM]
"@"="" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 05:50 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [10/08/2007 08:18 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/08/2007 08:13 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 05:37 PM]
"iTunesHelper"="D:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 04:36 AM]
"ICQ Lite"="C:\Program Files\ICQLite\ICQLite.exe" [07/11/2006 06:06 AM]
"Norton Ghost 14.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [01/19/2008 02:01 PM]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [06/03/2002 11:38 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 11:42 PM]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 07:39 AM]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [05/12/2004 05:01 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 12:22 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 06:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/06/2008 12:01 PM]

C:\Documents and Settings\mosbergh\Start Menu\Programs\Startup\
BlueSpace NE.lnk - C:\Program Files\Sony\BlueSpace\BlueSpaceNE.exe [8/18/2003 10:41:19 AM]
Fax1.com.lnk - C:\Program Files\Fax1.com\pdmon.exe [9/11/2007 5:18:53 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2/15/2008 5:02:58 PM]
PowerPanel.lnk - C:\Program Files\PowerPanel\Program\PcfMgr.exe [8/16/2003 2:39:36 PM]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2/5/2007 9:40:46 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 09:39 AM 294400]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region-Free\DVDShell.dll [12/20/2003 03:58 PM 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-05-24 23:52:51 ------------



extra.txt
----------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1700MHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 1022.98 MiB / 543.49 MiB
Pagefile Memory (total/avail): 2463.77 MiB / 1991 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.7 MiB

C: is Fixed (NTFS) - 20 GiB total, 2.62 GiB free.
D: is Fixed (NTFS) - 86.78 GiB total, 15.3 GiB free.
F: is Removable (No Media)
R: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST9120821A - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 5.01 GiB
\PARTITION1 (bootable) - Installable File System - 20 GiB - C:
\PARTITION2 - Installable File System - 86.78 GiB - D:

\\.\PHYSICALDRIVE1 - Sony MSC-U04 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mosbergh\Application Data
CLASSPATH=.;"i\QTJava.zip";C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HANSNOTEBOOK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mosbergh
LOGONSERVER=\\HANSNOTEBOOK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0905
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\Roxio Central\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mosbergh\LOCALS~1\Temp
TMP=C:\DOCUME~1\mosbergh\LOCALS~1\Temp
USERDOMAIN=HANSNOTEBOOK
USERNAME=mosbergh
USERPROFILE=C:\Documents and Settings\mosbergh
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

mosbergh (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{26792CA7-D87A-4DBE-896B-C2F66B344511}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6D4F02C4-F6AF-4659-A933-7FC06235A8D5}
--> MsiExec.exe /I{7FD9FD10-9F7F-4DDF-B9F0-911209FF0CEA}
--> MsiExec.exe /I{8C60949A-46F9-4DD7-BA9F-78C00D9D4C8D}
--> MsiExec.exe /I{EB748B9B-F872-4E95-98E8-5CA7E5425DAF}
--> MsiExec.exe /I{F0EACC27-A729-406C-9BF6-C8F10CEC36F8}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93B80FB1-7A23-11D3-B250-00105A1F4184}\setup.exe"
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Acrobat 7.1.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI® Mobility Radeon Graphics Controller Driver for Microsoft® Windows® XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A511370-E01B-4DB4-B339-CF35FBA9BA32}\Setup.exe" -l0x9
BlueSpace NE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A62C3DB-2506-4FAE-A6DB-55D12A9BA370}\Setup.exe" -l0x9
Bluetooth Virtual COM Port --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A01348CB-585D-472E-B071-60DF7A1C8A88}\Setup.exe" -l0x9
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BreezeBrowser Pro --> "d:\Program Files\BreezeSys\BreezeBrowserPro\Uninstall.exe" "d:\Program Files\BreezeSys\BreezeBrowserPro\install.log" -u
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\Setup.exe" -l0x9 anything
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CloneDVDmobile --> "C:\Program Files\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Program Files\SlySoft\CloneDVDmobile"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Downloader Pro --> "d:\Program Files\BreezeSys\Downloader Pro\Uninstall.exe" "d:\Program Files\BreezeSys\Downloader Pro\install.log" -u
DVD Region-Free 3.25 --> "C:\Program Files\DVD Region-Free\unins000.exe"
DxO Optics Pro v4.0 --> d:\Program Files\DxO Labs\DxO Optics Pro v4\uninst.exe
eMule --> "d:\Program Files\eMule\Uninstall.exe"
Euraconf R4 - Build 433 --> "C:\Program Files\EuraconfR4\unins000.exe"
Fax1.com --> "C:\Program Files\Fax1.com\unins000.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HotKey Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BB311F54-39D6-4A03-8E18-053D1B2833D7}\setup.exe" -l0x9
ICQ 5.1 --> C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ Toolbar --> regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll"
Infinity SIMEditor 1.35 --> "C:\Program Files\Infinity SIMEditor\unins000.exe"
Infinity USB Unlimited (Driver Removal) --> C:\WINDOWS\system32\Silabs\DriverUninstaller.exe USBXpress\INFUNLTD&104F&0004
Infinity USB Unlimited 2.71 --> "C:\Program Files\Infinity USB Unlimited\unins000.exe"
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
K-Lite Codec Pack 3.7.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Memory Stick Formatter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\setup.exe" -l0x9 /UNINSTALL
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft ActiveSync --> MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Müller Fotowelt --> "d:\Program Files\Müller Fotowelt\Müller Fotowelt\uninstall.exe"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton Ghost --> MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014}
Norton Security Scan --> MsiExec.exe /I{48B82226-75E3-4E90-92CC-D30F79EA6380}
Oleco --> C:\Programme\Oleco\uninstaller.exe
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerPanel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DCB53CB5-E82D-4F5E-BFE2-CBB200E19BEF}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Roxio Easy Media Creator 8 Suite --> MsiExec.exe /I{868901EE-7807-4F89-A134-7C705D34F91F}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SoftK56 Data Fax --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_8140104D\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_8140104D
Sony Certificate PCH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0448678-1203-4158-A58F-B3D0B616BF9E}\setup.exe"
Sony Notebook Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{936FADC9-C609-471A-B6F2-A33E2E660D1A}\setup.exe" -l0x9
Sony USB Mouse --> Pmuninst.exe MouseSuite98
Sony Utilities DLL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF3D45BB-2260-4008-88EA-492E7744A9DF}\setup.exe" -l0x9
the 123 of digital imaging Interactive Learning Suite --> "d:\Program Files\123di_40\unins000.exe"
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
VAIO BrightColor Wallpaper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}\setup.exe" -l0x9
VAIO Edit Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{761C9026-14F0-4352-8658-934558272404}\setup.exe"
VAIO Help and Support --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}
VAIO Registration --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{315BA29D-2644-4760-B5FD-5AC04A52B8C5}
VAIO Support --> "c:\program files\support.com\client\bin\tgfix.exe" /rm /nq
VAIO Wireless Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DF00135-D5A7-476A-BFB3-EDFF2840076A}\Setup.exe" -l0x9
Windows Desktop Search 3.01 --> MsiExec.exe /X {E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinISO 5.3 --> "C:\Program Files\WinISO\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless Switch Setting Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}\setup.exe" -l0x9
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type6195 / Error
Event Submitted/Written: 05/24/2008 11:48:57 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0xc1; %1 is not a valid Win32 application.

Event Record #/Type6193 / Error
Event Submitted/Written: 05/24/2008 11:43:39 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0xc1; %1 is not a valid Win32 application.

Event Record #/Type6191 / Error
Event Submitted/Written: 05/24/2008 11:38:39 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0xc1; %1 is not a valid Win32 application.

Event Record #/Type6189 / Error
Event Submitted/Written: 05/24/2008 11:33:38 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0xc1; %1 is not a valid Win32 application.

Event Record #/Type6187 / Error
Event Submitted/Written: 05/24/2008 11:28:38 PM
Event ID/Source: 101 / Automatic LiveUpdate Scheduler
Event Description:
Information Level: error

Failed launching Automatic LiveUpdate: err:0xc1; %1 is not a valid Win32 application.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8904 / Warning
Event Submitted/Written: 05/24/2008 11:45:45 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8885 / Warning
Event Submitted/Written: 05/24/2008 11:18:24 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8878 / Warning
Event Submitted/Written: 05/24/2008 11:13:33 PM
Event ID/Source: 4 / E100B
Event Description:
Adapter Intel® PRO/100 VE Network Connection: Adapter Link Down

Event Record #/Type8876 / Warning
Event Submitted/Written: 05/24/2008 11:13:30 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type8875 / Error
Event Submitted/Written: 05/24/2008 11:13:29 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.1.34 on the
Network Card with network address 080046B68319.



-- End of Deckard's System Scanner: finished at 2008-05-24 23:52:51 ------------


blacklight scan
-----------------
05/23/08 19:06:39 [Info]: BlackLight Engine 1.0.70 initialized
05/23/08 19:06:39 [Info]: OS: 5.1 build 2600 (Service Pack 3)
05/23/08 19:06:40 [Note]: 7019 4
05/23/08 19:06:40 [Note]: 7005 0
05/23/08 19:06:51 [Note]: 7006 0
05/23/08 19:06:51 [Note]: 7011 668
05/23/08 19:06:51 [Note]: 7035 0
05/23/08 19:06:57 [Note]: 7026 0
05/23/08 19:07:04 [Note]: 7026 0
05/23/08 19:07:13 [Note]: FSRAW library version 1.7.1024
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\empty.txt
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\filters.xml
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\news.png
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\paint.png
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\Profiles\blank.txt
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\sample1.jpg
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Info]: Hidden file: c:\Program Files\Movie Maker\Shared\sample2.jpg
05/23/08 19:09:36 [Note]: 10002 3
05/23/08 19:09:36 [Note]: 10002 2
05/23/08 19:09:36 [Note]: 10002 2
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Base.properties
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\ContactInfo.xml
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\interop.SymSnapService.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\SymsnapEvent.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\SymSnapProviderXP.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\VssProviderInstall.exe
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\VSS_2003.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\VSS_XP.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\difxapi.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\eventmonitorx86.cat
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\geardrvsetup.exe
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\Installx86.exe
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\SymSnap.inf
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\V2iMount.inf
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\v2imountx86.cat
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\VProEventMonitor.inf
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\vsnapx86.cat
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\wimfltr.inf
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\win32\SymSnap.sys
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\win32\V2iMount.sys
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\win32\VProEventMonitor.sys
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\win32\wimfltr.sys
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\difxapi.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\gearaspiwdm.cat
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\GEARAspiWDM.inf
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\gearinf.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\gearinstall.exe
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\x86\GEARAspi.dll
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win32\x86\x86\GEARAspiWDM.sys
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\eventmonitoramd64.cat
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\geardrvsetup.exe
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\V2iMount.inf
05/23/08 19:09:42 [Note]: 10002 3
05/23/08 19:09:42 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\v2imountamd64.cat
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\VProEventMonitor.inf
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\wimfltr.inf
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\win64-x64\V2iMount.sys
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\win64-x64\VProEventMonitor.sys
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Drivers\win64\win64-x64\wimfltr.sys
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\EasySetupInt.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\ErrorGui.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Eula.rtf
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\FileBackup.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Help.chm
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\interop.VProSvc.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\NBase.properties
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\NBaseResults.properties
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\Readme.htm
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\SNMPTrapNotifier.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\sqlite3.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\V2iMountService.exe
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\VProProgress.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Info]: Hidden file: c:\Program Files\Norton Ghost\Shared\VProSvcPS.dll
05/23/08 19:09:43 [Note]: 10002 3
05/23/08 19:09:43 [Note]: 10002 2
05/23/08 19:09:43 [Note]: 10002 2
05/23/08 19:10:05 [Info]: Hidden file: c:\Program Files\Skype\Toolbars\Shared\SPhoneParser.dll
05/23/08 19:10:05 [Note]: 10002 3
05/23/08 19:10:05 [Note]: 10002 2
05/23/08 19:10:05 [Note]: 10002 2
05/23/08 19:10:07 [Note]: 10002 3
05/23/08 19:10:07 [Note]: 10002 2
05/23/08 19:10:07 [Note]: 10002 2
05/23/08 19:13:03 [Note]: 10002 2
05/23/08 19:13:03 [Note]: 10002 2
05/23/08 19:15:23 [Info]: Hidden file: c:\WINDOWS\system32\drivers\hldrrr.exe
05/23/08 19:15:23 [Note]: 10002 2
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\1005045.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\104252837.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\104258485.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\133922.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\154552.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\167641.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\243690.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\390882.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\420574.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\653449.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\699876.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\720656.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\745031.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\937518.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\downld\986308.exe
05/23/08 19:15:37 [Note]: 10002 3
05/23/08 19:15:37 [Note]: 10002 2
05/23/08 19:15:37 [Note]: 10002 2
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\mdelk.exe
05/23/08 19:15:37 [Note]: 10002 2
05/23/08 19:15:37 [Info]: Hidden file: c:\WINDOWS\system32\drivers\srosa.sys
05/23/08 19:15:37 [Note]: 10002 2
05/23/08 19:23:13 [Note]: 7007 0



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 25 May 2008 - 08:48 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download ComboFix and save it to your desktop.

Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 15 June 2008 - 08:20 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.



