
Perfc000.dat File


  • This topic is locked
2 replies to this topic

#1 SiriusAdvocate


Posted 02 August 2008 - 10:06 PM

I have seen a description of the problem I am currently having quite a few times before, so I will try to be brief and save your time, as I am sure you are aware of this issue.
This must be some sort of infection. Every time a new process starts on my PC (I open a new application, open a file by using a shortcut, or even during start-up, when the programs that are to be loaded at start-up are starting), I have a window popping up with a title (the blue portion of the window) that has the name of the application that is opening and the following text:

"The application or DLL C:\WINXP\system32\perfc000.dat is not a valid image. Please check this against your installation diskette"

For example, if I am opening Notepad, a window with the text as above and the title "NOTEPAD.EXE - Bad Image" will pop up. There is only one button, OK, in this pop-up window. Once you click OK, it goes away and the application/process continues to load.

Copies of the logs from running your scanning software are below.
I am very thankful for your help in advance.



Deckard's System Scanner v20071014.68
Run by Default on 2008-08-02 22:38:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
24: 2008-08-03 02:38:38 UTC - RP24 - Deckard's System Scanner Restore Point
23: 2008-08-02 00:11:13 UTC - RP23 - System Checkpoint
22: 2008-07-31 23:17:01 UTC - RP22 - System Checkpoint
21: 2008-07-30 23:03:05 UTC - RP21 - System Checkpoint
20: 2008-07-29 18:47:18 UTC - RP20 - System Checkpoint


-- First Restore Point --
1: 2008-07-07 19:02:20 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 7.65 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-02 22:44:11
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINXP\system32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINXP\system32\cisvc.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\mixer.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINXP\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
E:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
C:\WINXP\system32\alg.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\cidaemon.exe
C:\WINXP\explorer.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
C:\WINXP\system32\spoolsv.exe
E:\Downloads\BleepingMalwareSoftware\dss.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rambler.ru/ri6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Rambler-└˝˝Ŕ˝˛ňݲ - {468CD8A9-7C25-45FA-969E-3D925C689DC4} - C:\Program Files\Rambler Assistant\ramblertoolbarU0.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "E:\Program Files\Norton Antivirus\osCheck.exe"
O4 - HKLM\..\Run: [WinVNC] "E:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] E:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1
O4 - HKLM\..\Policies\Explorer\Run: [system] C:\WINXP\csrss.exe
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless PCI_CardBus utility V1.01.exe.lnk = C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: ????? ? ??????? ???????? - res://C:\Program Files\Rambler Assistant\ramblertoolbarU0.dll/search.htm
O8 - Extra context menu item: ????????? ? ??????? ???????? ???????? - res://C:\Program Files\Rambler Assistant\ramblertoolbarU0.dll/dic.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\network diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://staplescanada.webprint.com (HKCU)
O15 - Trusted Zone: http://staplescanada.webprint.com (HKCU)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\QuickTax 2007\ic2007pp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - AppInit_DLLs: C:\WINXP\system32\perfc000.dat
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: dvpapi - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - E:\Program Files\Norton Antivirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\ramaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\hpzipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - E:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - E:\Program Files\TightVNC\WinVNC.exe


--
End of file - 14168 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - shell\edit\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - inifile - shell\open\command - %SystemRoot%\System32\NOTEPAD.EXE %1"
.pif - piffile - shell\open\command - "%1" %*"
.scr - AutoCADScriptFile - shell\open\command - "C:\WINXP\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATMhelpr - c:\winxp\system32\drivers\atmhelpr.sys <Not Verified; Adobe Systems Incorporated; Adobe Type Manager Deluxe>
R1 SCDEmu - c:\winxp\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 VirtualBackplane (A-B Virtual Backplane) - c:\winxp\system32\drivers\virtualbackplane.sys <Not Verified; Rockwell Automation; VirtualBackplane Driver>
R3 W8335XP (802.11g/b Driver for Windows XP ) - c:\winxp\system32\drivers\mrvw125.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>

S2 DS1410D - c:\winxp\system32\drivers\ds1410d.sys (file missing)
S3 ABKT (RSLinx AB KT Driver ) - c:\winxp\system32\abkt.sys <Not Verified; Rockwell Software Inc.; Microsoft® Windows NT® Operating System>
S3 ABKTC (RSLinx AB KTC Driver ) - c:\winxp\system32\abktc.sys <Not Verified; Rockwell Software Inc.; Microsoft® Windows NT™ Operating System>
S3 ABKTCX (Rockwell Software 1784-KTC(X) Driver) - c:\winxp\system32\drivers\abktcx.sys <Not Verified; Rockwell Software Inc.; abktcx Driver>
S3 ABPCIC (Rockwell Automation 1784-PCIC Driver) - c:\winxp\system32\drivers\abpcic.sys <Not Verified; Allen-Bradley; 1784-PCIC Device Driver>
S3 ABPIC (RSLinx AB PIC Driver) - c:\winxp\system32\abpic.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 ABRNA (RSLinx AB PCCC Protocol Driver ) - c:\winxp\system32\abrna.sys <Not Verified; Rockwell Software Inc.; Microsoft® Windows NT™ Operating System>
S3 ABRNAC (RSLinx AB KTC Protocol Driver ) - c:\winxp\system32\abrnac.sys <Not Verified; Rockwell Software Inc.; Microsoft® Windows NT™ Operating System>
S3 giveio - c:\winxp\system32\giveio.sys
S3 MRV6X32U (Vista 32-bits Native WiFi Driver - USB) - c:\winxp\system32\drivers\mrvw23b.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11 NIC>
S3 MRVW225 (802.11g/b Wireless LAN Dirver for Windows XP) - c:\winxp\system32\drivers\mrvw225.sys <Not Verified; Marvell Semiconductor, Inc; Marvell Wireless LAN Cilent Adapter-USB>
S3 NPF (NetGroup Packet Filter Driver) - c:\winxp\system32\drivers\npf.sys <Not Verified; NetGroup - Politecnico di Torino; WinPcap Netgroup Packet Filter Driver>
S3 RS_SS_NT (RSLinx S-S SD/SD2 Device Driver) - c:\winxp\system32\rs_ss_nt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RsiKtControl - c:\winxp\system32\rsikt.sys <Not Verified; Rockwell Software Inc.; RSLinx>
S3 RSSERIAL (RSLinx Serial Driver) - c:\winxp\system32\rsserial.sys <Not Verified; Rockwell Software Inc.; Rsserial Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CarboniteService - "c:\program files\carbonite\carbonite backup\carboniteservice.exe" <Not Verified; Carbonite, Inc. (www.carbonite.com); Carbonite Secure Backup -- Backup for Everyone ™>
R2 winvnc (VNC Server) - "e:\program files\tightvnc\winvnc.exe" -service <Not Verified; Constantin Kaplinsky; TightVNC Win32 Server>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 matlabserver (MATLAB Server) - c:\matlab6p5\webserver\bin\win32\matlabserver.exe
S3 1784-PCIDS DeviceNet - c:\program files\rockwell software\rslogix emulate 5000\pcidsservice.exe <Not Verified; Rockwell Automation; 1784-PCIDS DeviceNet>
S3 Harmony - c:\progra~1\rockwe~1\rscommon\rsobserv.exe <Not Verified; Rockwell Software Inc.; Rockwell Sofware Hamony services>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 rpcapd (Remote Packet Capture Protocol v.0 (experimental)) - "c:\program files\winpcap\rpcapd.exe" -d -f "c:\program files\winpcap\rpcapd.ini" <Not Verified; NetGroup - Politecnico di Torino; Remote Packet Capture Daemon>
S3 RSLinx - e:\progra~1\rockwe~1\rslinx\rslinx.exe /service <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 SimModuleService (1789-SIM Simulator Module) - c:\program files\rockwell software\rslogix emulate 5000\simmoduleservice.exe <Not Verified; ; SimModuleService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ADMtek AN983 based ethernet adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_EC021113&REV_11\4&25296D99&0&50F0
Manufacturer: ADMtek Incorporated
Name: ADMtek AN983 based ethernet adapter
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_EC021113&REV_11\4&25296D99&0&50F0
Service: AN983


-- Scheduled Tasks -------------------------------------------------------------

2008-07-26 03:00:00 546 --a------ C:\WINXP\Tasks\Norton AntiVirus - Run Full System Scan - Default.job


-- Files created between 2008-07-02 and 2008-08-02 -----------------------------

2008-08-01 22:00:36 0 d-------- C:\Documents and Settings\Alex\.Nokia
2008-08-01 21:58:46 0 d--h----- C:\Documents and Settings\Alex\InstallAnywhere
2008-07-30 15:49:01 0 d-------- C:\Documents and Settings\Alex\Application Data\Nokia Multimedia Player
2008-07-23 16:42:31 0 d--hs---- C:\Documents and Settings\Alex\Phone Browser
2008-07-23 11:29:27 59872 --a------ C:\Documents and Settings\Alex\Application Data\GDIPFONTCACHEV1.DAT
2008-07-20 14:17:11 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Adobe
2008-07-09 13:12:36 0 d-------- C:\Documents and Settings\Alex\Contacts


-- Find3M Report ---------------------------------------------------------------

2008-08-02 18:23:27 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-02 07:57:45 0 d-------- C:\Program Files\Rambler Assistant
2008-08-01 22:58:06 0 d-------- C:\Documents and Settings\Default\Application Data\Nokia Multimedia Player
2008-08-01 22:49:42 0 d-------- C:\Documents and Settings\Default\Application Data\Skype
2008-08-01 22:00:36 0 d--h----- C:\Program Files\Zero G Registry
2008-07-31 05:56:28 0 d-------- C:\Program Files\LogMeIn
2008-07-26 11:43:10 0 d-------- C:\Program Files\Java
2008-07-20 14:23:22 0 d-------- C:\Documents and Settings\Default\Application Data\AdobeUM
2008-07-20 14:01:30 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-10 22:13:35 0 d-------- C:\Program Files\Quicken
2008-07-02 23:42:15 0 d-------- C:\Program Files\QUICKENW
2008-06-17 06:40:49 0 d-------- C:\Program Files\DealBook FX 2
2008-05-27 22:59:30 59872 --a------ C:\Documents and Settings\Default\Application Data\GDIPFONTCACHEV1.DAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [07/12/2002 04:33 PM C:\WINXP\mixer.exe]
"DXDllRegExe"="dxdllreg.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 02:27 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 05:00 PM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [08/11/2005 04:30 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [08/11/2005 04:30 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [09/02/2006 10:04 PM]
"osCheck"="E:\Program Files\Norton Antivirus\osCheck.exe" [09/05/2006 04:22 PM]
"WinVNC"="E:\Program Files\TightVNC\WinVNC.exe" [08/01/2003 07:28 PM]
"Carbonite Backup"="C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe" [10/16/2007 05:46 PM]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [08/03/2007 04:09 PM]
"PWRISOVM.EXE"="E:\Program Files\PowerISO\PWRISOVM.EXE" [03/14/2008 07:50 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 05:38 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/06/2006 01:49 PM]
"PowerBar"="" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/03/2004 08:56 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
@=

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users.WINXP\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [7/28/2005 11:30:09 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
Wireless PCI_CardBus utility V1.01.exe.lnk - C:\Program Files\Customer\Wireless PCI_CardBus utility V1.01\Wireless PCI_CardBus utility V1.01.exe [12/22/2007 2:21:37 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"system"=C:\WINXP\csrss.exe
@=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 05/28/2008 12:32 PM 87352 C:\WINXP\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINXP\system32\perfc000.dat


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04551b36-1c44-11dc-8b56-0050bf96b8f3}]
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b526aa4a-24fa-11dc-8b68-0050bf96b8f3}]
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c562c5e8-8cc4-11db-bc13-806d6172696f}]
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2d04818-9e79-11db-8ab6-0050bf96b8f3}]
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5ae2dd8-7f9a-11da-b4fd-0050bf96b8f3}]
AutoRun\command- C:\WINXP\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 HOSTADD


-- End of Deckard's System Scanner: finished at 2008-08-02 22:46:36 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1023.47 MiB / 484.88 MiB
Pagefile Memory (total/avail): 1694.13 MiB / 1268.54 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1906.43 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.53 GiB total, 7.65 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 186.31 GiB total, 115.53 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE1 - WDC WD2000BB-22GUC0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - E:

\\.\PHYSICALDRIVE0 - WDC WD800JB-00JJA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE2 - HP psc 2410 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton AntiVirus v2007 (Symantec Corporation) Disabled
AV: Norton AntiVirus v2007 (Symantec Corporation) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Mike\\Desktop\\Kazza\\Limewire\\LimeWire.exe"="C:\\Documents and Settings\\Mike\\Desktop\\Kazza\\Limewire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\PCPhone\\PCPhone.exe"="C:\\Program Files\\PCPhone\\PCPhone.exe:*:Enabled:PCPhone Application"
"C:\\WINXP\\system32\\fxsclnt.exe"="C:\\WINXP\\system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\WINXP\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINXP\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"="C:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"C:\\Program Files\\Java\\jdk1.5.0_01\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_01\\jre\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jdk1.5.0_06\\jre\\bin\\java.exe"="C:\\Program Files\\Java\\jdk1.5.0_06\\jre\\bin\\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\SIPSoft\\SIPSoft.exe"="C:\\Program Files\\SIPSoft\\SIPSoft.exe:*:Enabled:SIPSoft Client"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"E:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"="E:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE:*:Enabled:RSLinx Communications Server"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.4.6314-to-2.0.5.6320-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.5.6320-to-2.0.6.6337-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\All Users.WINXP\\Documents\\VLSite2\\template\\Empire earth\\age2_x1.exe"="C:\\Documents and Settings\\All Users.WINXP\\Documents\\VLSite2\\template\\Empire earth\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\WINXP\\system32\\dplaysvr.exe"="C:\\WINXP\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"E:\\Program Files\\AutomationDirect\\C-more\\EA-PGM.exe"="E:\\Program Files\\AutomationDirect\\C-more\\EA-PGM.exe:*:Enabled:C-more Programming Software Application"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\Personal Firewall\\ioloFW.exe:*:Enabled:iolo Firewall«"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\ioloAV.exe:*:Enabled:iolo AntiVirus«"
"C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe"="C:\\Program Files\\iolo\\System Mechanic Professional 7\\AntiVirus\\iAVEmailScanner.exe:*:Enabled:iolo AntiVirus« Email Protection"
"C:\\WINXP\\csrss.exe"="C:\\WINXP\\csrss.exe:*:Enabled:08116B7163C39CF3"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Disabled:Blizzard Repair Utility"
"C:\\Program Files\\DealBook FX 2\\DealBookFX.exe"="C:\\Program Files\\DealBook FX 2\\DealBookFX.exe:*:Enabled:DealBookFX"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\ICQ6\\ICQ.exe"="C:\\Program Files\\ICQ6\\ICQ.exe:*:Enabled:ICQ6"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINXP
APPDATA=C:\Documents and Settings\Default\Application Data
AWR_LICENSE_FILE=C:\Program Files\eMule\Incoming\Awr Microwave Office 2004 2537R v651 Keygen Updated-Fixed 05-2006\awr.lic
CLASSPATH=C:\Program Files\PhotoDeluxe HE 3.0\AdobeConnectables;
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=DEFAULT-090179A
ComSpec=C:\WINXP\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Default
include=C:\Program Files\Microsoft Visual Studio\VC98\atl\include;C:\Program Files\Microsoft Visual Studio\VC98\mfc\include;C:\Program Files\Microsoft Visual Studio\VC98\include
Java=C:\Program Files\Java\jdk1.5.0_01\bin
lib=C:\Program Files\Microsoft Visual Studio\VC98\mfc\lib;C:\Program Files\Microsoft Visual Studio\VC98\lib
LOGONSERVER=\\DEFAULT-090179A
MSDevDir=C:\Program Files\Microsoft Visual Studio\Common\MSDev98
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINXP\system32;C:\PROGRA~1\ROCKWE~1\RSCommon;C:\WINXP;C:\WINXP\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;c:\matlab6p5\bin\win32;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\OMRON\CX-Server\;C:\Program Files\Common Files\Omron\Cpls\;C:\Program Files\OMRON\CX-Server\Drivers\CS1\;C:\Program Files\OMRON\CX-Server\Drivers\CS1-H(FB)\;C:\Program Files\OMRON\CX-Server\Drivers\CompoWayF\;C:\Program Files\OMRON\CX-Server\Drivers\DeviceNet\;C:\Program Files\OMRON\CX-Server\Drivers\FQM1\;C:\Program Files\OMRON\CX-Server\Drivers\NS-V1\;E:\Program Files\ESTsoft\ALZip\;C:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;C:\Program Files\Microsoft Visual Studio\Common\Tools;C:\Program Files\Microsoft Visual Studio\VC98\bin;C:\SSH Secure Shell;E:\Program Files\ESTsoft\ALZip\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINXP
TEMP=C:\DOCUME~1\Default\LOCALS~1\Temp
TMP=C:\DOCUME~1\Default\LOCALS~1\Temp
USERDOMAIN=DEFAULT-090179A
USERNAME=Default
USERPROFILE=C:\Documents and Settings\Default
windir=C:\WINXP


-- User Profiles ---------------------------------------------------------------

Default (admin)
Alex (admin)
Administrator.DEFAULT-090179A (admin)
Guest (new local, guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINXP\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL2.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
--> C:\WINXP\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINXP\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINXP\UNNeroShowTime.exe /UNINSTALL
--> C:\WINXP\UNNeroVision.exe /UNINSTALL
--> C:\WINXP\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf
Access 2002 Power Programming by Example --> C:\UNWISE.EXE C:\INSTALL.LOG
Acoustica MP3 Audio Mixer --> C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINXP\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINXP\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINXP\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINXP\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Type Manager 4.0 --> C:\WINXP\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
ALZip --> "E:\Program Files\ESTsoft\ALZip\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Army Builder V2.2c --> C:\ARMYBU~2\UNWISE.EXE C:\ARMYBU~2\INSTALL.LOG
Army Builder V3.1c --> C:\ARMYBU~1\UNWISE.EXE C:\ARMYBU~1\INSTALL.LOG
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{78E33B36-2103-49FC-B058-8CF44B6E75FD}
AutoCAD 2002 --> MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
AutoCAD Electrical 2006 --> MsiExec.exe /I{5783F2D7-4007-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avery® Wizard 2.1 for Microsoft® Word 2002 --> C:\WINXP\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL2.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
AWR Design Environment 2004 (6.5x) --> C:\PROGRA~1\AWR\AWR2004\UNWISE.EXE C:\PROGRA~1\AWR\AWR2004\INSTALL.LOG
AWR Shortcut --> C:\PROGRA~1\AWR\AWR2004\UNWISE.EXE C:\PROGRA~1\AWR\AWR2004\INSTALL.LOG
Bicycle Board Games --> "C:\Program Files\Microsoft Games\Bicycle Board Games\UNINSTAL.EXE" /runtemp /addremove
BitComet 0.99 --> C:\Program Files\BitComet\uninst.exe
C-more Programming Software Version 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0439CC0-EF0D-4F26-8C91-07B646B0C3D3}\setup.exe" -l0x9 -removeonly
Carbonite --> C:\Program Files\Carbonite\Carbonite Backup\CarboniteSetup.exe /remove
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
CX-One --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{82CBA6BD-B83C-433A-972E-D5D67E16A447} /l1033
CX-Server --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{53C1E51B-5C61-4D16-9301-7BE2FF945A74} /l1033
CX-Server Driver Management Tool --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{FF6F9D87-9A74-4308-B7D8-1843F451E498} /l1033
Data Lifeguard Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DealBook FX 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4F1AEBC-6259-459B-BF23-201335038F3F}\Setup.exe" -l0x9
Deus Ex --> E:\DeusEx\System\Setup.exe uninstall "Deus Ex"
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
Dragon NaturallySpeaking Components --> C:\WINXP\IsUninst.exe -fC:\WINXP\SPEECH\DRAGON\Uninst.isu
Dragon NaturallySpeaking Preferred 4.0 --> C:\WINXP\uninst.exe -fC:\NatSpeak\DeIsL2.isu -c"C:\NatSpeak\Uninst.dll
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution --> "C:\Program Files\Uninstall_CDS.exe"
EAGLE 4.16 --> C:\WINXP\uninst.exe -f"C:\Program Files\EAGLE-4.16\DeIsL1.isu"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FastStone Image Viewer 2.15 --> C:\Program Files\FastStone Image Viewer\uninst.exe
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
Flash Favorite 1.5 --> "C:\Program Files\Flash Favorite\unins000.exe"
HijackThis 2.0.0 --> "E:\Downloads\HijackThis.exe" /uninstall
HP Photo & Imaging 3.1 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.0 --> "C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
ICQ6 --> C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
J2SE Development Kit 5.0 Update 1 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150010}
J2SE Development Kit 5.0 Update 6 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150060}
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java\jre1.5.0_01\bin\uninst-javaws.exe"
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Keil µVision3 --> C:\Keil\Uninstall.exe
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player 8 --> MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
MathType 5 --> "C:\Program Files\MathType\Setup.exe" -R
MATLAB 6.5 --> C:\MATLAB6p5\uninstall\uninstall.exe C:\MATLAB6p5
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 6.0 Standard Edition --> "C:\Program Files\Microsoft Visual Studio\VC98\Setup\1033\Setup.exe"
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
Multimedia Launcher --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Multisim 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98E28570-B754-40B0-8B14-E242CB879EC5}\setup.exe" -l0x9 -removeonly
My Sirius Studio --> C:\Program Files\Sirius\MySiriusStudio\Uninstall.exe
Nero 7 Demo --> MsiExec.exe /I{692854CC-97EF-4307-B787-8C6787B91033}
NetBeans IDE 5.0 --> C:\Program Files\netbeans-5.0\_uninst\uninstaller.exe
Netscape (7.2) --> C:\WINXP\NSUninst.exe /ua "7.2 (en)"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0FF1922C-B6C4-40BB-AF30-BEF75A482444}
Nokia Multimedia Converter 2.0 --> "C:\Documents and Settings\Alex\Desktop\NOKIA\Nokia_Multimedia_Converter_2_0\Uninstall\Uninstaller.exe"
Nokia PC Suite --> MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
OCN® Practice Test 2000 --> MsiExec.exe /X{988B9FB1-AAA4-41DA-9C80-E224FBD57D28}
PanelBuilder32 --> C:\WINXP\IsUninst.exe -f"E:\Program Files\Allen-Bradley\PanelBuilder32\Uninst.isu" -c"E:\Program Files\Allen-Bradley\PanelBuilder32\PFTUninst.DLL"
PC Connectivity Solution --> MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PCI Audio Driver --> cmuninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO --> "E:\Program Files\PowerISO\uninstall.exe"
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Quicken 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTax 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}\isetup.ex_" -l0x9 -uninst
QuickTax 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}\isetup.ex_" -l0x9 -uninst
QuickTax 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}\isetup.ex_" -l0x9 -uninst
QuickTax 2007 --> MsiExec.exe /X{22EC35BD-F8F2-45EB-8DCB-1C7FB65D0A71}
QuickTime Alternative 1.56 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
Rambler-└˝˝Ŕ˝˛ňݲ --> "C:\Program Files\Rambler Assistant\uninstall.exe"
Rockwell Automation 1734 Analog Module Profiles --> MsiExec.exe /X{47DA63A6-29D6-444B-8011-D42264D9C677}
Rockwell Automation 1734 Discrete Module Profiles --> MsiExec.exe /X{740F4E19-163B-4A5E-8163-8B289E9D9D12}
Rockwell Automation 1734 Specialty Module Profiles --> MsiExec.exe /X{54BAA1C2-D1D7-41E1-B386-F92F0480EEF0}
Rockwell Automation 1738 Analog Module Profiles --> MsiExec.exe /X{CCA50E0F-1544-49D4-B6DC-AEA3419125B7}
Rockwell Automation 1738 Discrete Module Profiles --> MsiExec.exe /X{BF744D6B-3ED6-456A-B050-2DE660ECE0C6}
Rockwell Automation 1738 Specialty Module Profiles --> MsiExec.exe /X{E3B3C911-C7CB-45AA-99A1-1A4493C96CA7}
Rockwell Automation 1756 CNet Comms Module Profile --> MsiExec.exe /X{A8D5700E-4004-455C-9E87-12F2914C339F}
Rockwell Automation 1756 ENet Comms Module Profile --> MsiExec.exe /X{ED628A00-B9E8-4A57-9B9B-CF62853F8F63}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{E205AFEE-B82A-42F9-9CB8-AC9F3DA6A145}
Rockwell Automation 1769 Discrete Module Profiles --> MsiExec.exe /X{C11E7980-F8B3-45CE-B2D9-73B6255A12D2}
Rockwell Automation 1769 Specialty Module Profiles --> MsiExec.exe /X{229E3F9C-3012-4289-9A2A-BEF0A37421F4}
Rockwell Automation 1791DS Discrete Module Profiles --> MsiExec.exe /X{73E9E6F7-E0AE-4178-A62C-2D405CA3C12D}
Rockwell Software Hardware Maintenance Tool --> C:\PROGRA~1\ROCKWE~1\RSCommon\RSHware.exe
Roxio CDEngine --> C:\WINXP\UNENG.EXE
RSI Utilities English --> e:\Program Files\Rockwell Software\Uninstaller\UnRSI.exe path=e:\Program Files\Rockwell Software\Uninstaller\RSUtils -fUnRsi.ins
RSLinx 2.2 --> C:\WINXP\UNINST.EXE -fe:\PROGRA~1\ROCKWE~1\RSLinx\DeIsL1.isu -ce:\PROGRA~1\ROCKWE~1\RSLinx\LINXINST.DLL
RSLogix 500 English --> e:\Program Files\Rockwell Software\Uninstaller\UnRSI.exe path=e:\Program Files\Rockwell Software\Uninstaller\RSLogix 500 English -fUnRsi.ins
RSLogix 5000 Module Profile Core --> MsiExec.exe /X{E57D748E-D3F2-4827-9C16-D8A823CACDC7}
RSLogix 5000 Module Profile Setup Utility --> MsiExec.exe /X{75CC69A9-9DDA-41DE-9C6B-ECEE5654F6E2}
RSLogix 5000 System Updates --> MsiExec.exe /X{0E33A3E0-BEDA-467E-A3BD-B5AC8FE2179C}
RSLogix 5000 v11.11 --> MsiExec.exe /X{ACA11321-AB9A-48FB-A685-70724790A68A}
RSLogix 5000 v13.03 --> MsiExec.exe /X{30010313-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v15.01 --> MsiExec.exe /X{30010115-EC33-11D6-A408-F6139379CBFB}
RSLogix Emulate 5000 15.00.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{09D96199-F539-4DB8-A24B-257BD89C2DD9}\setup.exe" AnyText
ServiceProvider --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB411FB3-0E96-4622-84AF-22551967D070}\setup.exe"
SIPSoft --> C:\PROGRA~1\SIPSoft\UNWISE.EXE C:\PROGRA~1\SIPSoft\INSTALL.LOG
Skype 2.0 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sothink SWF Decompiler --> "C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SSH Secure Shell --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
Staples Copy & Print Online 1.5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Adobe\PDFTransit\1.5.0\Webprint\Webprint Client\setup.exe" -ra -l0x0009
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
TightVNC 1.2.9 --> "E:\Program Files\TightVNC\unins000.exe"
TypingMaster Pro --> "C:\Program Files\TypingMaster\unins000.exe"
Ultiboard 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4D764A51-73E7-43A3-9D7D-8CA1B6A62B0C}\setup.exe" -l0x9 -removeonly
Ultiroute 8 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC87728A-B93A-4F68-9C02-6271D59F08EA}\setup.exe" -l0x9 -removeonly
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinAVI Video Converter 5.8 --> "E:\Program Files\WinAVI Video Converter\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINXP\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINXP\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinPcap 3.1 beta4 --> "C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Wireless PCI_CardBus utility V1.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0150ECF7-60CB-43C5-AB0A-877BB76ABA55}\setup.exe" -l0x9 -removeonly
Yahoo! Toolbar --> rundll32.exe C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YCOMP5~1.DLL,DllCommand ui


-- Application Event Log -------------------------------------------------------

Event Record #/Type10715 / Error
Event Submitted/Written: 08/02/2008 08:55:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module mshtml.dll, version 7.0.6000.16544, fault address 0x000b1d10.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10714 / Error
Event Submitted/Written: 08/02/2008 08:44:48 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module iexplore.exe, version 7.0.6000.16544, fault address 0x00090049.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10713 / Error
Event Submitted/Written: 08/02/2008 08:44:25 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16544, faulting module unknown, version 0.0.0.0, fault address 0x005c0031.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type10703 / Error
Event Submitted/Written: 08/02/2008 08:13:00 PM
Event ID/Source: 3007 / LoadPerf
Event Description:
Unable to read the performance counter explain text strings of the
000 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Event Record #/Type10675 / Error
Event Submitted/Written: 08/02/2008 06:32:12 PM
Event ID/Source: 3007 / LoadPerf
Event Description:
Unable to read the performance counter explain text strings of the
000 language ID.
The Win32 status returned by the call is the first DWORD in Data section.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type24480 / Error
Event Submitted/Written: 08/02/2008 10:46:02 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type24463 / Error
Event Submitted/Written: 08/02/2008 10:01:53 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type24462 / Error
Event Submitted/Written: 08/02/2008 09:59:10 PM
Event ID/Source: 7032 / Service Control Manager
Event Description:
The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Event Record #/Type24459 / Error
Event Submitted/Written: 08/02/2008 09:58:10 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The CarboniteService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Event Record #/Type24456 / Error
Event Submitted/Written: 08/02/2008 09:58:03 PM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-08-02 22:46:36 ------------



#2 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:07:13 PM

Posted 10 August 2008 - 11:42 PM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


If you have already performed the steps above, we still need to see the current state of the machine; a fresh scan and logs are still necessary.

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All
click Scan
DSS will now run again when finished
Please post back both logs that open in notepad
Main txt and extra txt



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with dss reports main.txt, extra.txt and Kaspersky report.

Regards
SNOWHITE

#3 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:07:13 PM

Posted 21 August 2008 - 04:31 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Thank you :thumbsup:
SNOWHITE