Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Volmgr BtHidBus crashes BSOD


  • This topic is locked This topic is locked
6 replies to this topic

#1 mrwoll

mrwoll

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 06 February 2009 - 01:18 PM

Hi guys,

I am getting a lot of errors in Vista Event Viewer which I suspect are causing my BSOD's and screen freezes.

My laptop system specs:

Sony Vaio
*Windows Vista 32 Bit running SP1
*Dual Core 2GHz
*4GB RAM (know 32bit only utilises 3GB)
*1 TB external HDD
*Kaspersky AV 2009

The following boot-start or system-start driver(s) failed to load:
BtHidBus

EVENT ID:7072

and

Volmgr
Crash dump initialization failed!

EVENT ID: 46

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="volmgr" />
<EventID Qualifiers="49156">46</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-02-06T13:42:45.638Z" />
<EventRecordID>1052207</EventRecordID>
<Channel>System</Channel>
<Computer>william-PC.MIG.local</Computer>
<Security />
</System>
- <EventData>
<Data>\Device\HarddiskVolume2</Data>
<Binary>0000000001000000000000002E0004C001100000010000C000000000000000000000000000000000</Binary>
</EventData>
</Event>

I think the volmgr problem is causing a lot of the blue screens I am experiencing. I also experience the screen just freezing thus having to manually force a shutdown.


Here is my HijackThis log, not sure if anything in there springs out as immediately untoward (lots of file missing entries?)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:49, on 06/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\mmc.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Program Files\HijackThis\hijackthis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\william\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIG.local
O17 - HKLM\Software\..\Telephony: DomainName = MIG.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIG.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 8767 bytes


If someone could have a look it would be greatly appreciated.

Will

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:43 PM

Posted 19 February 2009 - 08:15 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 mrwoll

mrwoll
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 20 February 2009 - 11:36 AM

Thanks for getting back.

I have run RSI and here is the contents of my info and log files:

info.txt logfile of random's system information tool 1.05 2009-02-20 16:13:39

======Uninstall list======

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe After Effects CS4 Presets-->MsiExec.exe /I{44E240EC-2224-4078-A88B-2CEE0D3016EF}
Adobe After Effects CS4 Third Party Content-->MsiExec.exe /I{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}
Adobe After Effects CS4-->MsiExec.exe /I{45EC816C-0771-4C14-AE6D-72D1B578F4C8}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles AE CS4-->MsiExec.exe /I{B15381DD-FF97-4FCD-A881-ED4DB0975500}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Contribute CS4-->MsiExec.exe /I{A6EC82A0-1414-475D-8AFD-469089F3080D}
Adobe Creative Suite 4 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\b2d6abde968e6f277ddbfd501383e02\Setup.exe --uninstall=1
Adobe Creative Suite 4 Master Collection-->MsiExec.exe /I{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}
Adobe CS4 American English Speech Analysis Models-->MsiExec.exe /I{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe Encore CS4 Codecs-->MsiExec.exe /I{FB2A5FCC-B81B-48C2-A009-7804694D83E9}
Adobe Encore CS4-->MsiExec.exe /I{5EAD5443-7194-46CC-A055-428E6ABB1BAF}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI en-->MsiExec.exe /I{793D1D88-6141-43DE-BE58-59BCE31B4090}
Adobe Flash CS4 STI-en-->MsiExec.exe /I{2168245A-B5AD-40D8-A641-48E3E070B5B6}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Additional Exporter-->MsiExec.exe /I{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}
Adobe Media Encoder CS4 Dolby-->MsiExec.exe /I{EE353798-E875-42E0-B58D-7E6696182EA8}
Adobe Media Encoder CS4 Exporter-->MsiExec.exe /I{561968FD-56A1-49FD-9ED0-F55482C7C5BC}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files CS4-->MsiExec.exe /I{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}
Adobe OnLocation CS4-->MsiExec.exe /I{7406DF60-016D-476B-A2C7-55D997592047}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Premiere Pro CS4 Functional Content-->MsiExec.exe /I{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}
Adobe Premiere Pro CS4 Third Party Content-->MsiExec.exe /I{C938BE91-3BB5-4B84-9EF6-88F0505D0038}
Adobe Premiere Pro CS4-->MsiExec.exe /I{D499F8DE-3F31-4900-9157-61061613704B}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Soundbooth CS4 Codecs-->MsiExec.exe /I{52232EF4-CC12-4C21-ABCF-ADB79618302D}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Alien Skin Snap Art-->C:\PROGRA~1\Adobe\ADOBEP~3\Plug-ins\ALIENS~1\SNAPAR~1\Unwise32.exe C:\PROGRA~1\Adobe\ADOBEP~3\Plug-ins\ALIENS~1\SNAPAR~1\INSTALL.LOG
Alps Pointing-device for VAIO-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 8.02-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Chartcross GPSTest-->"C:\Program Files\Chartcross\GPSTest\uninstall.exe"
Choice Guard-->MsiExec.exe /I{EBD5E7A9-DBB8-4E24-AE3A-CF9390AF1CCB}
ClipName-->rundll32.exe advpack.dll,LaunchINFSection C:\Windows\system32\ShellExt\clipname.inf, DefaultUnInstall
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DelinvFile - 3.03-->"C:\Program Files\PurgeIE\unins000.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
ffdshow [rev 2527] [2008-12-19]-->"C:\Program Files\ffdshow\unins000.exe"
Firefox Optimizers-->"C:\Program Files\Mozilla Firefox\Optimizers\unins000.exe"
GDR 3068 for SQL Server Analysis Services 2005 ENU (KB948109)-->C:\Windows\OLAP9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\Windows\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\Windows\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Handy Recovery-->MsiExec.exe /X{7DF9922B-68A1-4C26-AAF4-DCCC29EF91F8}
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200\UIU32m.exe -U -ISnSZIRXz.inf
HDD Regenerator-->MsiExec.exe /X{B7C076CA-126E-497C-8724-B589F54031AF}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Memory Stick Icon-->C:\PROGRA~1\UNWISE.EXE C:\PROGRA~1\INSTALL.LOG
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Analysis Services-->MsiExec.exe /I{982DB00A-9C4E-436B-8707-18E113BAA44C}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}
Microsoft SQL Server 2005 Books Online (English) (September 2007)-->MsiExec.exe /I{6FDD4688-E063-401D-B6BE-7234E20B9173}
Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{4D2DFB70-AECB-47BF-A895-3B3AA544934F}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-->MsiExec.exe /I{2373A92B-1C1C-4E71-B494-5CA97F96AA19}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{56B4002F-671C-49F4-984C-C760FE3806B5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MyPhoneExplorer-->C:\Program Files\MyPhoneExplorer\uninstall.exe
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PerfectDisk 10 Professional-->MsiExec.exe /I{7B738CD9-D107-48C7-8E65-2E6639A39C8D}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Visio 2007 (KB957831)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {DA824D83-D80E-47AE-9726-7F5E810330C8}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SopCast 3.0.3-->C:\Program Files\SopCast\uninst.exe
Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQLXML4-->MsiExec.exe /I{8415F660-5FDC-4601-97DD-43A783600F4B}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TightVNC 1.3.9-->"C:\Program Files\TightVNC\unins000.exe"
TortoiseSVN 1.5.7.15182 (32 bit)-->MsiExec.exe /X{27968397-2FC3-4D79-BD5D-E6AC44A263FE}
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.5 RC3-->C:\Program Files\TVersity\Media Server\uninst.exe
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office InfoPath 2007 Help (KB957243)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {766DF26B-5F03-48ED-9307-5326F2790ED0}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb959634)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {50C77E2F-5C1C-467D-9BC8-3CA07D28C9F2}
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
VC_MergeModuleToMSI-->MsiExec.exe /I{900A92BA-19EF-4A34-86CF-7B6C85BDD971}
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{8984E374-6C93-427C-A3B9-AD92472FDCA0}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Your Uninstaller! 2008 Version 6.2-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Kaspersky Anti-Virus
AS: Windows Defender
AS: Kaspersky Anti-Virus

System event log

Computer Name: william-PC.MIG.local
Event Code: 8
Message: The jobs in the print queue for printer Universal Document Converter were deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box.
Record Number: 1055086
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090220160521.000000-000
Event Type: Warning
User: william-PC\william

Computer Name: william-PC.MIG.local
Event Code: 4
Message: Printer Universal Document Converter will be deleted. No user action is required.
To stop logging warning events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler warning events check box.
Record Number: 1055087
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090220160521.000000-000
Event Type: Warning
User: william-PC\william

Computer Name: william-PC.MIG.local
Event Code: 3
Message: Printer Universal Document Converter was deleted, and users will no longer be able to print to this printer. No user action is required.
To stop logging information events for the print spooler, in Control Panel, open Printers, right-click a blank area of the window, click Run as Administrator, click Server Properties, click the Advanced tab, and then clear the Log spooler information events check box.
Record Number: 1055088
Source Name: Microsoft-Windows-PrintSpooler
Time Written: 20090220160522.000000-000
Event Type: Warning
User: william-PC\william

Computer Name: william-PC.MIG.local
Event Code: 7036
Message: The Volume Shadow Copy service entered the stopped state.
Record Number: 1055089
Source Name: Service Control Manager
Time Written: 20090220160944.000000-000
Event Type: Information
User:

Computer Name: william-PC.MIG.local
Event Code: 7036
Message: The Microsoft Software Shadow Copy Provider service entered the stopped state.
Record Number: 1055090
Source Name: Service Control Manager
Time Written: 20090220161244.000000-000
Event Type: Information
User:

Application event log

Computer Name: william-PC.MIG.local
Event Code: 102
Message: msnmsgr (3876) \\.\C:\Users\william\AppData\Local\Microsoft\Messenger\mrwoll@hotmail.com\SharingMetadata\Working\database_8C2E_4047_2E40_2D10\dfsr.db: The database engine (6.00.6001.0000) started a new instance (0).
Record Number: 78972
Source Name: ESENT
Time Written: 20090220151751.000000-000
Event Type: Information
User:

Computer Name: william-PC.MIG.local
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {2fcc6c8d-bf22-4dff-9045-cf346a2e7fa1}
Record Number: 78973
Source Name: VSS
Time Written: 20090220155442.000000-000
Event Type: Error
User:

Computer Name: william-PC.MIG.local
Event Code: 8194
Message: Successfully created restore point (Process = C:\Program Files\Systweak\Advanced Vista Optimizer 2008\AvoRpAtUnInstall.exe Files\Systweak\Advanced Vista Optimizer 2008\AvoRpAtUnInstall.exe"; Description = A).
Record Number: 78974
Source Name: System Restore
Time Written: 20090220155516.000000-000
Event Type: Information
User:

Computer Name: william-PC.MIG.local
Event Code: 8194
Message: Successfully created restore point (Process = C:\Program Files\Systweak\Advanced Vista Optimizer 2008\AvoRpAtUnInstall.exe Files\Systweak\Advanced Vista Optimizer 2008\AvoRpAtUnInstall.exe"; Description = A).
Record Number: 78975
Source Name: System Restore
Time Written: 20090220155516.000000-000
Event Type: Information
User:

Computer Name: william-PC.MIG.local
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 78976
Source Name: VSS
Time Written: 20090220160944.000000-000
Event Type: Information
User:

Security event log

Computer Name: william-PC.MIG.local
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-3396281223-3898940217-2141298058-1000
Account Name: william
Account Domain: william-PC
Logon ID: 0x2cd5d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: william@mig
Account Domain: hostedservice2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: thhs2exbe2n2.hostedservice2.net
Additional Information: thhs2exbe2n2.hostedservice2.net

Process Information:
Process ID: 0x1060
Process Name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 881202
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090214220015.763000-000
Event Type: Audit Success
User:

Computer Name: william-PC.MIG.local
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-3396281223-3898940217-2141298058-1000
Account Name: william
Account Domain: william-PC
Logon ID: 0x2cd5d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: william@mig
Account Domain: hostedservice2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: thhs2exbe1n1.hostedservice2.net
Additional Information: thhs2exbe1n1.hostedservice2.net

Process Information:
Process ID: 0x1060
Process Name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 881203
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090214220017.311000-000
Event Type: Audit Success
User:

Computer Name: william-PC.MIG.local
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-3396281223-3898940217-2141298058-1000
Account Name: william
Account Domain: william-PC
Logon ID: 0x2cd5d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: william@mig
Account Domain: hostedservice2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: thhs2exbe1n1.hostedservice2.net
Additional Information: thhs2exbe1n1.hostedservice2.net

Process Information:
Process ID: 0x1060
Process Name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 881204
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090214220018.314000-000
Event Type: Audit Success
User:

Computer Name: william-PC.MIG.local
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-3396281223-3898940217-2141298058-1000
Account Name: william
Account Domain: william-PC
Logon ID: 0x2cd5d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: william@mig
Account Domain: hostedservice2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: thhs2exbe1n1.hostedservice2.net
Additional Information: thhs2exbe1n1.hostedservice2.net

Process Information:
Process ID: 0x1060
Process Name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 881205
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090214220116.136000-000
Event Type: Audit Success
User:

Computer Name: william-PC.MIG.local
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-21-3396281223-3898940217-2141298058-1000
Account Name: william
Account Domain: william-PC
Logon ID: 0x2cd5d
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: william@mig
Account Domain: hostedservice2
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: thhs2exbe2n2.hostedservice2.net
Additional Information: thhs2exbe2n2.hostedservice2.net

Process Information:
Process ID: 0x1060
Process Name: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 881206
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090214220116.572000-000
Event Type: Audit Success
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DEVMGR"=1
"FP_NO_HOST_CHECK"=NO
"lib"=C:\Program Files\SQLXML 4.0\bin\
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------




Logfile of random's system information tool 1.05 (written by random/random)
Run by william at 2009-02-20 16:12:54
Microsoft® Windows Vista™ Business Service Pack 1
System drive C: has 56 GB (39%) free of 142 GB
Total RAM: 3070 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:28, on 20/02/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\william\AppData\Local\Apps\2.0\VV964JW7.OB8\3K3J6JMH.NXA\rapi..tion_beb8bcbf36015e49_0000.0001_73ca99bd24db9b2a\RapidShareManager.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\william\Desktop\RSIT.exe
C:\Program Files\trend micro\william.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MIG.local
O17 - HKLM\Software\..\Telephony: DomainName = MIG.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = MIG.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = MIG.local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = MIG.local
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 8929 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{A7E147AF-B630-4AC8-9AEA-35CEBCCEBCDA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}]
ContributeBHO Class - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll [2008-09-10 136560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-07-29 62728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-05 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2008-02-22 401968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-05 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-06-10 118784]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-06-28 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-06-28 8429568]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-06-28 81920]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-06 206088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\system32\klogon.dll [2008-07-29 218376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\Windows\system32\VESWinlogon.dll [2007-07-24 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"DisableStartupSound"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1288f2de-ff31-11dd-953b-001a801b09a5}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fef7ca67-0c5a-11dd-98e5-806e6f6e6963}]
shell\AutoRun\command - D:\Autorun.exe


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 2 months======

2009-02-20 16:12:55 ----D---- C:\Program Files\trend micro
2009-02-20 16:12:53 ----D---- C:\rsit
2009-02-17 12:11:44 ----D---- C:\Program Files\Common Files\SourceTec
2009-02-17 12:11:43 ----D---- C:\Program Files\SourceTec
2009-02-16 15:24:40 ----D---- C:\Users\william\AppData\Roaming\Systweak
2009-02-16 14:30:48 ----D---- C:\Program Files\CCleaner
2009-02-15 10:41:54 ----A---- C:\Windows\system32\mshtml.dll
2009-02-15 10:41:52 ----A---- C:\Windows\system32\ieframe.dll
2009-02-15 10:41:51 ----A---- C:\Windows\system32\urlmon.dll
2009-02-15 10:41:51 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-15 10:41:50 ----A---- C:\Windows\system32\wininet.dll
2009-02-15 10:41:49 ----A---- C:\Windows\system32\mstime.dll
2009-02-15 10:41:48 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-15 10:41:48 ----A---- C:\Windows\system32\iertutil.dll
2009-02-08 11:02:29 ----D---- C:\Users\william\AppData\Roaming\IObit
2009-02-08 11:02:28 ----D---- C:\Program Files\IObit
2009-02-08 11:00:29 ----D---- C:\Users\william\AppData\Roaming\URSoft
2009-02-08 11:00:25 ----D---- C:\Program Files\Your Uninstaller 2008
2009-02-07 15:39:42 ----D---- C:\Program Files\HDD Regenerator
2009-02-04 20:06:51 ----D---- C:\Windows\system32\logs
2009-02-04 20:06:29 ----D---- C:\Program Files\Common Files\MSSoap
2009-02-03 21:49:51 ----D---- C:\Program Files\Kaspersky Lab
2009-02-03 21:49:44 ----D---- C:\ProgramData\Kaspersky Lab
2009-02-03 20:27:06 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-02-03 14:53:36 ----D---- C:\Users\william\AppData\Roaming\TortoiseSVN
2009-02-03 14:48:59 ----D---- C:\Program Files\TortoiseSVN
2009-02-03 14:48:59 ----D---- C:\Program Files\Common Files\TortoiseOverlays
2009-01-30 08:35:55 ----A---- C:\Windows\system32\infocardapi.dll
2009-01-30 08:35:54 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-30 08:35:52 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-01-30 08:35:52 ----A---- C:\Windows\system32\icardres.dll
2009-01-30 08:35:52 ----A---- C:\Windows\system32\icardagt.exe
2009-01-30 08:35:50 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-01-30 08:35:48 ----A---- C:\Windows\system32\PresentationHost.exe
2009-01-30 07:57:11 ----A---- C:\Windows\system32\dfshim.dll
2009-01-30 07:57:06 ----A---- C:\Windows\system32\mscoree.dll
2009-01-30 07:57:03 ----A---- C:\Windows\system32\netfxperf.dll
2009-01-30 07:56:40 ----A---- C:\Windows\system32\mscorier.dll
2009-01-30 07:56:32 ----A---- C:\Windows\system32\mscories.dll
2009-01-29 20:01:10 ----D---- C:\Users\william\AppData\Roaming\Ashampoo
2009-01-29 20:00:46 ----D---- C:\ProgramData\ashampoo
2009-01-29 20:00:14 ----D---- C:\Program Files\Ashampoo
2009-01-17 14:18:09 ----D---- C:\ProgramData\TVU Networks
2009-01-13 22:16:13 ----D---- C:\Users\william\AppData\Roaming\Sun
2009-01-13 16:24:18 ----A---- C:\Windows\system32\PDBoot.exe
2008-12-30 21:06:42 ----D---- C:\ProgramData\Simply Super Software
2008-12-30 20:46:07 ----D---- C:\Users\william\AppData\Roaming\DelinvFile
2008-12-30 20:45:47 ----D---- C:\Program Files\PurgeIE
2008-12-30 13:04:49 ----A---- C:\Windows\rootkitno.ini
2008-12-30 13:04:47 ----A---- C:\Windows\system32\Reslog.txt
2008-12-30 12:54:54 ----A---- C:\Windows\system32\PARTIZAN.TXT
2008-12-30 12:51:07 ----RASHOT---- C:\Windows\winstart.bat
2008-12-30 12:50:46 ----D---- C:\Program Files\UnHackMe
2008-12-29 20:10:17 ----D---- C:\Users\william\AppData\Roaming\ppstream
2008-12-29 08:51:55 ----A---- C:\Windows\system32\un2065.txt
2008-12-29 08:51:55 ----A---- C:\Windows\system32\2065.txt
2008-12-29 00:53:43 ----A---- C:\Windows\system32\nvwssr.dll
2008-12-29 00:53:43 ----A---- C:\Windows\system32\nvwss.dll
2008-12-29 00:53:43 ----A---- C:\Windows\system32\nvwgf2um.dll
2008-12-29 00:53:43 ----A---- C:\Windows\system32\nvvitvsr.dll
2008-12-29 00:53:42 ----A---- C:\Windows\system32\nvvitvs.dll
2008-12-29 00:53:42 ----A---- C:\Windows\system32\nvudisp.exe
2008-12-29 00:53:42 ----A---- C:\Windows\system32\nvsvc.dll
2008-12-29 00:53:41 ----A---- C:\Windows\system32\nvoglv32.dll
2008-12-29 00:53:41 ----A---- C:\Windows\system32\nvmoblsr.dll
2008-12-29 00:53:41 ----A---- C:\Windows\system32\nvmobls.dll
2008-12-29 00:53:41 ----A---- C:\Windows\system32\nvmccssr.dll
2008-12-29 00:53:41 ----A---- C:\Windows\system32\nvmccss.dll
2008-12-29 00:53:41 ----A---- C:\Windows\system32\nvmccsrs.dll
2008-12-29 00:53:40 ----A---- C:\Windows\system32\nvgamesr.dll
2008-12-29 00:53:40 ----A---- C:\Windows\system32\nvgames.dll
2008-12-29 00:53:39 ----A---- C:\Windows\system32\nvdispsr.dll
2008-12-29 00:53:38 ----A---- C:\Windows\system32\nvdisps.dll
2008-12-29 00:53:38 ----A---- C:\Windows\system32\nvd3dum.dll
2008-12-29 00:53:37 ----A---- C:\Windows\system32\nvcolor.exe
2008-12-29 00:53:37 ----A---- C:\Windows\system32\nvcodins.dll
2008-12-29 00:53:37 ----A---- C:\Windows\system32\nvcod.dll
2008-12-29 00:53:37 ----A---- C:\Windows\system32\nvapi.dll
2008-12-28 01:26:52 ----D---- C:\Windows\temp
2008-12-27 22:24:32 ----D---- C:\Program Files\TomTom HOME 2
2008-12-27 20:12:53 ----A---- C:\Windows\ErrRegDoc.txt
2008-12-26 07:59:47 ----D---- C:\Users\william\AppData\Roaming\TomTom
2008-12-23 15:25:07 ----D---- C:\Users\william\AppData\Roaming\Logitech
2008-12-23 15:23:03 ----D---- C:\Users\william\AppData\Roaming\Leadertech
2008-12-23 15:19:30 ----A---- C:\Windows\system32\BtCoreIf.dll
2008-12-23 15:19:22 ----A---- C:\Windows\system32\KemXML.dll
2008-12-23 15:19:22 ----A---- C:\Windows\system32\KemWnd.dll
2008-12-23 15:19:22 ----A---- C:\Windows\system32\kemutb.dll
2008-12-23 15:19:21 ----A---- C:\Windows\system32\KemUtil.dll
2008-12-23 15:18:45 ----D---- C:\ProgramData\Logitech
2008-12-23 10:05:00 ----D---- C:\Users\william\AppData\Roaming\Autodesk
2008-12-23 09:49:46 ----D---- C:\Program Files\Common Files\Autodesk Shared
2008-12-23 09:48:23 ----A---- C:\Windows\system32\d3dx9_34.dll
2008-12-23 09:48:23 ----A---- C:\Windows\system32\d3dx10_34.dll
2008-12-23 09:48:23 ----A---- C:\Windows\system32\D3DCompiler_34.dll
2008-12-23 09:48:22 ----A---- C:\Windows\system32\d3dx10.dll
2008-12-23 09:48:17 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-12-22 21:26:18 ----D---- C:\Program Files\SoftLogica
2008-12-22 20:23:22 ----D---- C:\Windows\system32\ShellExt
2008-12-21 23:43:49 ----A---- C:\Windows\system32\ztvunrar36.dll
2008-12-21 23:43:49 ----A---- C:\Windows\system32\ztvunace26.dll
2008-12-21 23:43:49 ----A---- C:\Windows\system32\ztvcabinet.dll
2008-12-21 23:43:49 ----A---- C:\Windows\system32\unrar3.dll
2008-12-21 23:43:49 ----A---- C:\Windows\system32\unacev2.dll
2008-12-21 23:43:46 ----D---- C:\Users\william\AppData\Roaming\Simply Super Software

======List of files/folders modified in the last 2 months======

2009-02-20 16:12:55 ----RD---- C:\Program Files
2009-02-20 16:05:25 ----RD---- C:\UDC Output Files
2009-02-20 16:05:22 ----D---- C:\Windows\System32
2009-02-20 15:55:13 ----SHD---- C:\System Volume Information
2009-02-20 15:22:49 ----D---- C:\Program Files\Mozilla Firefox
2009-02-20 15:17:32 ----D---- C:\Windows\inf
2009-02-20 09:47:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-20 09:33:28 ----D---- C:\Windows\Prefetch
2009-02-20 09:30:48 ----AD---- C:\Windows
2009-02-20 09:08:42 ----D---- C:\Windows\system32\config
2009-02-18 16:08:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-02-18 12:45:59 ----SHD---- C:\Windows\Installer
2009-02-18 12:45:59 ----SHD---- C:\Config.Msi
2009-02-18 12:44:12 ----D---- C:\Windows\Debug
2009-02-17 12:11:44 ----D---- C:\Program Files\Common Files
2009-02-16 14:33:16 ----D---- C:\Program Files\HijackThis
2009-02-16 14:30:18 ----AD---- C:\ProgramData\TEMP
2009-02-15 10:54:03 ----D---- C:\Windows\system32\catroot
2009-02-15 10:53:25 ----D---- C:\Windows\system32\drivers
2009-02-15 10:53:25 ----D---- C:\Program Files\Raxco
2009-02-15 10:51:57 ----D---- C:\Windows\winsxs
2009-02-15 10:46:24 ----D---- C:\ProgramData\Microsoft Help
2009-02-15 10:45:31 ----A---- C:\Windows\vbaddin.ini
2009-02-15 10:44:12 ----D---- C:\Program Files\Windows Mail
2009-02-15 10:40:33 ----D---- C:\Windows\system32\catroot2
2009-02-12 04:56:17 ----A---- C:\Windows\system32\mrt.exe
2009-02-08 13:29:05 ----D---- C:\Windows\Tasks
2009-02-08 13:23:28 ----HD---- C:\ProgramData
2009-02-08 11:40:46 ----D---- C:\Program Files\WinRAR
2009-02-08 11:02:45 ----D---- C:\Windows\system32\Tasks
2009-02-07 22:50:27 ----D---- C:\Windows\system32\LogFiles
2009-02-06 23:10:16 ----D---- C:\Windows\WindowsMobile
2009-02-06 17:58:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-05 20:31:17 ----RSD---- C:\Windows\assembly
2009-02-05 20:25:36 ----D---- C:\Program Files\Microsoft SQL Server
2009-02-05 14:17:33 ----D---- C:\Program Files\Internet Explorer
2009-02-05 14:17:26 ----D---- C:\Windows\Registration
2009-02-04 20:53:39 ----A---- C:\Windows\system32\txmlutil.dll
2009-02-04 08:03:56 ----D---- C:\Users\william\AppData\Roaming\Adobe
2009-02-03 14:51:24 ----D---- C:\Users\william\AppData\Roaming\Subversion
2009-02-02 12:17:04 ----D---- C:\Windows\Microsoft.NET
2009-02-02 09:50:41 ----D---- C:\Windows\rescache
2009-02-02 09:28:47 ----D---- C:\Windows\system32\XPSViewer
2009-02-02 09:28:47 ----D---- C:\Windows\system32\wbem
2009-02-02 09:28:47 ----D---- C:\Windows\system32\en-US
2009-01-29 22:05:53 ----D---- C:\Users\william\AppData\Roaming\dvdcss
2009-01-29 09:36:26 ----RSD---- C:\Windows\Fonts
2009-01-24 21:42:55 ----D---- C:\Program Files\Microsoft
2009-01-18 17:30:22 ----SD---- C:\Windows\Downloaded Program Files
2009-01-16 18:47:10 ----D---- C:\Windows\system32\spool
2009-01-15 20:53:16 ----D---- C:\Users\william\AppData\Roaming\MyPhoneExplorer
2009-01-12 12:01:37 ----A---- C:\Users\william\AppData\Roaming\SetValue.bat
2009-01-12 12:01:37 ----A---- C:\Users\william\AppData\Roaming\GetValue.vbs
2009-01-12 12:01:36 ----A---- C:\Windows\system32\tmp.txt
2008-12-31 18:55:16 ----D---- C:\ProgramData\Adobe
2008-12-30 22:15:09 ----SHD---- C:\$Recycle.Bin
2008-12-29 22:33:35 ----A---- C:\Windows\bdagent.INI
2008-12-28 19:41:00 ----D---- C:\ProgramData\FLEXnet
2008-12-28 01:26:33 ----D---- C:\Windows\system32\Msdtc
2008-12-28 01:26:33 ----D---- C:\Windows\Panther
2008-12-28 01:26:30 ----D---- C:\ProgramData\WLInstaller
2008-12-28 00:54:51 ----ASH---- C:\Program Files\desktop.ini
2008-12-24 01:03:47 ----A---- C:\Windows\system32\lgscroll.dll
2008-12-23 15:23:02 ----D---- C:\Program Files\Common Files\Logishrd
2008-12-23 15:18:38 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-22 20:22:08 ----D---- C:\Windows\Help
2008-12-22 20:18:33 ----D---- C:\Program Files\ffdshow

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720]
R1 DMICall;Sony DMI Call service; C:\Windows\system32\DRIVERS\DMICall.sys [2006-10-18 10216]
R1 ElRawDisk;ElRawDisk; \??\C:\Windows\system32\drivers\elrawdsk.sys [2008-04-17 12800]
R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-02-06 224272]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2008-10-03 5632]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-12-31 73312]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2009-01-09 71184]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2007-06-05 12672]
R2 RMCAST;RMCAST (Pgm) Protocol Driver; C:\Windows\system32\DRIVERS\RMCAST.sys [2008-05-10 113664]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-10 140800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-05 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-05 207360]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-06-28 7115072]
R3 R5U870FLx86;R5U870 UVC Lower Filter ; C:\Windows\System32\Drivers\R5U870FLx86.sys [2007-06-28 75008]
R3 R5U870FUx86;R5U870 UVC Upper Filter ; C:\Windows\System32\Drivers\R5U870FUx86.sys [2007-06-28 43904]
R3 SNC;Sony Notebook Control Device; C:\Windows\System32\Drivers\SonyNC.sys [2000-11-10 48896]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-09-13 330240]
R3 tifm21;tifm21; C:\Windows\system32\drivers\tifm21.sys [2009-02-05 290816]
R3 usbvideo;R5U870 (UVC) ; C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-05 659968]
S3 ATE_PROCMON;ATE_PROCMON; C:\Windows\system32\drivers\ATE_PROCMON.sys []
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\drivers\BT.sys []
S3 btaudio;Bluetooth Audio Device; C:\Windows\system32\drivers\btaudio.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\system32\drivers\Btcsrusb.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\Windows\system32\drivers\BTDriver.sys []
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\Windows\system32\drivers\BTWDNDIS.sys []
S3 btwhid;btwhid; C:\Windows\system32\drivers\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\Windows\system32\drivers\BTWUSB.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\Windows\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 DNE;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2008-06-04 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2008-06-04 21672]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-08-17 101376]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 moufiltr;Mouse Filter; C:\Windows\system32\DRIVERS\moufiltr.sys [2007-01-09 6144]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-02 1781760]
S3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2008-03-13 2555392]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RDID1046;EDIROL UA-25; C:\Windows\system32\Drivers\rdwm1046.sys [2004-04-02 163390]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s117bus;Sony Ericsson Device 117 driver (WDM); C:\Windows\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); C:\Windows\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); C:\Windows\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 s217bus;Sony Ericsson Device 217 driver (WDM); C:\Windows\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\Windows\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\Windows\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\Windows\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\Windows\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]
S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\Windows\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\Windows\system32\DRIVERS\s616unic.sys [2007-04-03 99080]
S3 smbusp;Intel® SMBus 2.0 Driver; C:\Windows\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\Windows\system32\drivers\tbhsd.sys [2007-12-11 26784]
S3 ti21sony;ti21sony; C:\Windows\system32\drivers\ti21sony.sys [2007-11-06 808448]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-19 15872]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-19 73088]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2008-01-19 31616]
S4 BtHidBus;Bluetooth HID Bus Service; C:\Windows\system32\drivers\BtHidBus.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 ASTSRV;Nalpeiron Licensing Service; C:\Windows\system32\ASTSRV.EXE [2008-05-19 57344]
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2009-02-06 206088]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-10-02 860160]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 msftesql;SQL Server FullText Search (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2007-06-22 95592]
R2 MSSQLSERVER;SQL Server (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2008-11-24 14951264]
R2 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe [2009-01-13 918792]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-10-02 466944]
R2 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2008-11-24 346976]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 STacSV;SigmaTel Audio Service; C:\Windows\system32\stacsv.exe [2007-09-13 102400]
R2 UmRdpService;Terminal Services UserMode Port Redirector; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2007-02-13 182392]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 winvnc;VNC Server; C:\Program Files\TightVNC\WinVNC.exe [2007-05-07 589824]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-06 72704]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-11-04 288112]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-01 655624]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe [2009-01-13 1021192]
S3 TVersityMediaServer;TVersityMediaServer; C:\Program Files\TVersity\Media Server\MediaServer.exe [2008-09-27 811008]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S4 avgagent;AVG7 Remote Support Service (AvgAgent); avgagent.exe /srvfsys []
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2007-02-22 2808664]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]

-----------------EOF-----------------

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:43 PM

Posted 20 February 2009 - 08:04 PM

Is this a business computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator, (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask because I do not help in cleaning business or corporate computers for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for law suits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting an Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates, is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 mrwoll

mrwoll
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:43 PM

Posted 21 February 2009 - 07:43 AM

Hi,

Yes this is a work computer. However I think the event id issues I am getting are problems only with win vista (volmgr for instance).

Does this mean I shall not be receiving advise?

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:43 PM

Posted 21 February 2009 - 01:34 PM

I am sorry but I do not work on business computers. If you think it is a problem with Vista, please see Windows Vista Solution Center.

I am getting a lot of errors in Vista Event Viewer which I suspect are causing my BSOD's and screen freezes.


Please post your question(s) regarding errors in Vista Event Viewer in BleepingComputer's Computer Forum, Windows XP Home and Professional, where the computer experts may help you. My expertise is dealing with malware and I prefer that you get the help of computer expert(s) in answering your question(s) and/or solving your problem(s). Please include a link to this thread.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:07:43 PM

Posted 01 March 2009 - 06:53 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users