MalwareCrypt
Author Topic: fake online scan warning  (Read 4391 times)
karlanz
Newbie
*
Posts: 14


« on: December 11, 2010, 06:03:13 PM »

Hi,
Two weeks or so ago I had a pop-up fake online scan warning. I shut down the computer, thinking that this was the only way to exit the warnings. Following this I used Ccleaner, and F-Prot, but didn't come up with anything, so I hoped that I had had a clean escape.

Today, however, an F-Prot scan has picked up and quarantined five files in which malware (W32/MalwareF.GMXU, W32/MalwareS.BJBR) has been detected. 

Any suggestions would be greatly appreciated.

The following is the copy of the dds.txt:


DDS (Ver_10-12-12.01) - NTFSx86 
Run by karla at 12:29:37.70 on Sun 12/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional  5.1.2600.2.1252.64.1033.18.1014.154 [GMT 13:00]

AV: F-PROT Antivirus for Windows *Enabled/Updated* {3F8BAFFE-D251-4DC6-ACF9-81FDF61FB9C9}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\karla\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://vaio-online.sony.com/
uInternet Settings,ProxyServer = 192.168.1.2:3128
uSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: PE_IE_Helper Class: {0941c58f-e461-4e03-bd7d-44c27392ade1} - c:\program files\ibm\lotus forms\viewer\3.0\PEhelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\karla\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [KiesTrayAgent]
uRun: [RockMelt Update] "c:\documents and settings\karla\local settings\application data\rockmelt\update\RockMeltUpdate.exe" /c
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [DSLSTATEXE] c:\program files\d-link\dsl-200\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\d-link\dsl-200\dslagent.exe
mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe
mRun: [F-PROT Antivirus Tray application] c:\program files\frisk software\f-prot antivirus for windows\FProtTray.exe
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
TCP: {5971A73B-0BD7-459E-A4DC-8045EE5DA957} = 202.27.184.3,202.27.184.5
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 10.1.1.100   k

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?refresh=1|http://en.wikipedia.org/wiki/HTML5|http://www.html5rocks.com/|http://bigthink.com/|http://www.stuff.co.nz/national/stuff-quizzes/|http://www.lovatts.com.au/news/puzzles-comps/daily-cryptic-crossword/|http://www.valleyweb.co.nz/
FF - plugin: c:\documents and settings\karla\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\karla\local settings\application data\rockmelt\update\1.2.189.1\npRockMeltOneClick8.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmfv.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - Extension: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Extension: ScribeFire: {F807FACD-E46A-4793-B345-D58CB177673C} - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\extensions\firebug@software.joehewitt.com
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Extension: ShowIP: {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} - c:\docume~1\karla\applic~1\mozilla\firefox\profiles\w1dhbj9b.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 FPAV_RTP;FPAV_RTP;c:\windows\system32\drivers\FStopW.sys [2007-11-1 700632]
R2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2009-12-22 95568]
R2 FPAVServer;F-PROT Antivirus for Windows system;c:\program files\frisk software\f-prot antivirus for windows\FPAVServer.exe [2010-11-3 83624]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-9-30 217088]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-9-30 36640]
S3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-3-30 29184]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2010-9-30 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2010-9-30 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2010-9-30 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\drivers\ss_bserd.sys [2010-9-30 100224]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-31 1120960]
S3 USBVSP;USBVSP;c:\windows\system32\drivers\usbvsp.sys [2009-12-30 89728]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port;c:\windows\system32\drivers\zgwhsdiag.sys [2009-10-7 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem;c:\windows\system32\drivers\zgwhsmdm.sys [2009-10-7 105216]

=============== Created Last 30 ================

2010-12-09 02:58:04   1409   ----a-w-   c:\windows\QTFont.for
2010-12-07 07:33:19   --------   d-----w-   c:\docume~1\karla\locals~1\applic~1\RockMelt
2010-12-01 21:37:26   --------   d-----w-   c:\program files\MSECache

==================== Find3M  ====================


============= FINISH: 12:30:43.45 ===============
Jintan
Administrator
Hero Member
*****
Posts: 4012



« Reply #1 on: December 11, 2010, 09:15:25 PM »

Welcome to Malware Crypt karlanz,

The malware names F-Prot used really don't say much, as far as getting a handle on what the files are. With your next reply here, see if you can get some type of F-Prot log, so you can post the file names, and hopefully what folder F-Prot moved them from.


Quote
Two weeks or so ago I had a pop-up fake online scan warning. I shut down the computer, thinking that this was the only way to exit the warnings. Following this I used Ccleaner, and F-Prot, but didn't come up with anything


Those often are just files saved to your browser's temp files folder, so your choice to shut down very likely kept any malware downloaders from getting a chance to run. At times a reboot gains an advantage for the malware being installed, and can cause disk/file system problems. If you do the Emergency First Aid for Computer Infections steps shown here, you will then be ready should the problem occur again.


As for this log posted, the only suspect item is that 192.168.1.2:3128. Lately, malware packages have included a proxy setting that appears to loop back to the computer. I have assumed that obscures the actual Internet access the malware is using. Bit of a guess on that though.

The log also shows what appears to be some active components left from some past partial uninstall.

Let's get a better detailed check of things, then decide on what repairs you need there.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.



  Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If RSIT downloads/installs HijackThis be sure to agree to the install of that.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). 

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document.  Once the file is created, open it and right-click again and choose Paste.  Copy the information and post it here please.

-------------

Also download Gmer's mbr.exe from here and place it on your C drive (so the file is then C:\mbr.exe).

Go to Start - Run, type cmd (and press OK). At the prompt type or copy/paste the following, pressing Enter after each:

cd\

mbr.exe -t


Then type exit and press Enter to close the command window.

The report created in the command window will have been saved to C:\mbr.log. Locate that and post it here please.

A lot of posting, but a good comprehensive look at things there.
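
Added example (not part of the original thread, and not code from DDS or its authors): a small Python triage pass over the "Pseudo HJT Report" section of a DDS log that pulls out the kinds of entries the reply above points at, namely the ProxyServer setting and leftovers of a partial uninstall, plus any Hosts redirect. The line formats are inferred from the log posted in this thread, and the function names are illustrative.

```python
import ipaddress
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log in this thread.
SAMPLE_DDS = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = 192.168.1.2:3128
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [KiesTrayAgent]
Hosts: 10.1.1.100   k
"""

# Assumed line formats, inferred from the log above (not an official DDS grammar).
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer = (.+)$")
EMPTY_RUN_RE = re.compile(r"^[umd]Run: \[([^\]]+)\]\s*$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")


def classify_host(host):
    """Return 'loopback', 'private', 'public' or 'hostname' for a target."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "loopback" if host.lower() == "localhost" else "hostname"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def parse_proxy_value(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Accepts both 'host:port' and 'http=host:port;https=host:port'.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, target = part.rpartition("=")
        host, _, port = target.rpartition(":")
        if not host:  # no port in the value
            host, port = target, ""
        entries.append((scheme or "all", host, port))
    return entries


def triage(dds_text):
    """Return a list of findings worth a closer look, in log order."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            # A proxy the user did not configure reroutes all browser traffic.
            for scheme, host, port in parse_proxy_value(m.group(1)):
                findings.append({
                    "check": "proxy",
                    "item": f"{host}:{port}",
                    "detail": f"{classify_host(host)} address, scheme={scheme}",
                })
            continue
        if line.endswith("- No File"):
            # Entry still registered although the log reports no file behind it.
            findings.append({
                "check": "orphan",
                "item": line.split(" - ")[0],
                "detail": "registered entry with no file",
            })
            continue
        m = EMPTY_RUN_RE.match(line)
        if m:
            # Autostart value name present but no command after it.
            findings.append({
                "check": "empty_run",
                "item": m.group(1),
                "detail": "autostart value with no command",
            })
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, name = m.groups()
            if not (classify_host(ip) == "loopback" and name == "localhost"):
                findings.append({
                    "check": "hosts",
                    "item": f"{name} -> {ip}",
                    "detail": f"hosts entry to {classify_host(ip)} address",
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f['check']:<10} {f['item']:<45} {f['detail']}")
```

A finding here only means "ask the user about it": a proxy on a private address can be a legitimate LAN proxy, so the setting has to be checked against what the user knowingly configured.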
karlanz
Newbie
*
Posts: 14


« Reply #2 on: December 13, 2010, 02:34:42 PM »

Kia Ora Jantin,
thanks for your reply, and for a way to start on recovery :)

Following are the logs you asked for.  However, I was unable to run the GMER program, I tried twice but get a "bad_pool_header" error, and shutdown. Windows reporting says that this is caused by a device driver.
I've managed to get a f-prot log also, just posting this from the first time a virus was found and quarantined, on 12th. Sorry these are quite long~

F-prot first:
14/12/2010   9:20:53 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   9:20:51 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   9:13:34 a.m.   VzRs   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VzRs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:13:32 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Sample
14/12/2010   9:13:32 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
D:\Contents
14/12/2010   9:13:22 a.m.   VzFw   Information   None   1   N/A   KARLA_LAPTOP   Service started.
14/12/2010   9:13:22 a.m.   VzFw   Error   None   108   N/A   KARLA_LAPTOP   Failed to start monitoring folder. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples
14/12/2010   9:13:10 a.m.   SecurityCenter   Information   None   1800   N/A   KARLA_LAPTOP   The Windows Security Center Service has started.
14/12/2010   9:13:07 a.m.   VAIO Event Service   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VAIO Event Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:12:55 a.m.   RegSrvc   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:12:34 a.m.   EvtEng   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:09:27 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   9:09:24 a.m.   VzRs   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VzRs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:09:23 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   9:09:23 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Sample
14/12/2010   9:09:23 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
D:\Contents
14/12/2010   9:09:18 a.m.   VzFw   Information   None   1   N/A   KARLA_LAPTOP   Service started.
14/12/2010   9:09:18 a.m.   VzFw   Error   None   108   N/A   KARLA_LAPTOP   Failed to start monitoring folder. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples
14/12/2010   9:09:11 a.m.   SecurityCenter   Information   None   1800   N/A   KARLA_LAPTOP   The Windows Security Center Service has started.
14/12/2010   9:09:10 a.m.   VAIO Event Service   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VAIO Event Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:08:58 a.m.   RegSrvc   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   9:08:23 a.m.   EvtEng   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ9.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ9.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ8.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ8.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\WINDOWS\TEMP\FPQ6.tmp

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\WINDOWS\TEMP\FPQ6.tmp->(NSIS)

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ5.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ5.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:04:13 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   8:04:11 a.m.   FPAVServer.exe   Warning   Driver    3   N/A   KARLA_LAPTOP   The OAS driver was deactivated.
14/12/2010   8:04:11 a.m.   F-PROT Antivirus   Information   Updater    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Virus signature file successfully updated

For more information please visit http://www.f-prot.com/support/index.html
14/12/2010   8:02:01 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   8:02:01 a.m.   VzRs   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VzRs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   8:01:58 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
14/12/2010   8:01:55 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Sample
14/12/2010   8:01:55 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
D:\Contents
14/12/2010   8:01:50 a.m.   VzFw   Information   None   1   N/A   KARLA_LAPTOP   Service started.
14/12/2010   8:01:50 a.m.   VzFw   Error   None   108   N/A   KARLA_LAPTOP   Failed to start monitoring folder. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples
14/12/2010   8:01:45 a.m.   VAIO Event Service   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VAIO Event Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   8:01:44 a.m.   SecurityCenter   Information   None   1800   N/A   KARLA_LAPTOP   The Windows Security Center Service has started.
14/12/2010   8:01:36 a.m.   RegSrvc   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
14/12/2010   8:00:54 a.m.   EvtEng   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
13/12/2010   11:12:44 p.m.   Userenv   Warning   None   1517   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Windows saved user KARLA_LAPTOP\karla registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
13/12/2010   3:31:44 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6D.tmp, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:44 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6D.tmp, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:44 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6C.tmp, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:44 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6C.tmp, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:44 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6B.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:44 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6B.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6A.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ6A.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ69.tmp, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ69.tmp, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\WINDOWS\TEMP\FPQ68.tmp

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\WINDOWS\TEMP\FPQ68.tmp->(NSIS)

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ67.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\TEMP\FPQ67.tmp, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   3:31:43 p.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
13/12/2010   3:31:41 p.m.   FPAVServer.exe   Warning   Driver    3   N/A   KARLA_LAPTOP   The OAS driver was deactivated.
13/12/2010   3:31:41 p.m.   F-PROT Antivirus   Information   Updater    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Virus signature file successfully updated

For more information please visit http://www.f-prot.com/support/index.html
13/12/2010   7:37:29 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
13/12/2010   7:37:27 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
13/12/2010   7:37:18 a.m.   VzRs   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VzRs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
13/12/2010   7:37:17 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Sample
13/12/2010   7:37:17 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
D:\Contents
13/12/2010   7:37:16 a.m.   VzFw   Information   None   1   N/A   KARLA_LAPTOP   Service started.
13/12/2010   7:37:16 a.m.   VzFw   Error   None   108   N/A   KARLA_LAPTOP   Failed to start monitoring folder. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples
13/12/2010   7:37:09 a.m.   VAIO Event Service   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VAIO Event Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
13/12/2010   7:37:07 a.m.   SecurityCenter   Information   None   1800   N/A   KARLA_LAPTOP   The Windows Security Center Service has started.
13/12/2010   7:36:56 a.m.   RegSrvc   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
13/12/2010   7:36:34 a.m.   EvtEng   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
12/12/2010   10:31:07 p.m.   Userenv   Warning   None   1517   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Windows saved user KARLA_LAPTOP\karla registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
12/12/2010   11:02:53 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   A virus scan ended. Scan duration: 1:23:44

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:43:01 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:43:01 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:42:52 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\WINDOWS\system32\drivers\pccsmcfd.sys quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:42:52 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\system32\drivers\pccsmcfd.sys, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:41:45 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\WINDOWS\SOUNDMAN.EXE quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:41:45 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\WINDOWS\SOUNDMAN.EXE, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:39:01 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1033.dat.bak

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:39:01 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\WINDOWS\pchealth\helpctr\Config\Cache\Professional_32_1028.dat.bak

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:16:26 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\Program Files\Realtek\InstallShield\SoundMan.exe quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:16:26 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\Program Files\Realtek\InstallShield\SoundMan.exe, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:15:31 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\Program Files\PC Connectivity Solution\pccsmcfd.sys quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   10:15:31 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\Program Files\PC Connectivity Solution\pccsmcfd.sys, infected with W32/MalwareF.GMXU

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:56:37 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe->(NSIS) quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:56:37 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:56:37 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe->(NSIS)

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:51:41 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   File C:\Drivers\Audio\WDM\SoundMan.exe quarantined

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:51:40 a.m.   F-PROT Antivirus   Warning   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Found file, C:\Drivers\Audio\WDM\SoundMan.exe, infected with W32/MalwareS.BJBR

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:51:26 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\uowkfmv7.default\Cache\F60B3AE7d01

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:51:24 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\nathan\Local Settings\Application Data\Mozilla\Firefox\Profiles\uowkfmv7.default\Cache\22CB8813d01

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:46:45 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\RockMelt\User Data\1316037414\Cache\f_00004d

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:46:45 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\RockMelt\User Data\1316037414\Cache\f_00004b

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:46:00 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Mozilla\Firefox\Profiles\w1dhbj9b.default\Cache\C67FA4F6d01

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:45:21 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0003c4

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:45:21 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0003bf

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:45:21 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0003bd

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:45:18 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000300

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:45:09 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e8

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   9:45:09 a.m.   F-PROT Antivirus   Information   Scanner    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   An unknown error occured while scanning file C:\Documents and Settings\karla\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0000e7

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   8:24:21 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
12/12/2010   8:24:19 a.m.   FPAVServer.exe   Warning   Driver    3   N/A   KARLA_LAPTOP   The OAS driver was deactivated.
12/12/2010   8:24:19 a.m.   F-PROT Antivirus   Information   Updater    4096   NT AUTHORITY\SYSTEM   KARLA_LAPTOP   Virus signature file successfully updated

For more information please visit http://www.f-prot.com/support/index.html
12/12/2010   8:21:29 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
12/12/2010   8:21:27 a.m.   FPAVServer.exe   Information   Driver    1   N/A   KARLA_LAPTOP   The OAS driver is running.
12/12/2010   8:21:20 a.m.   VzRs   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VzRs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
12/12/2010   8:21:19 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
C:\Documents and Settings\All Users\Application Data\Sony Corporation\VAIO Sample
12/12/2010   8:21:19 a.m.   VzFw   Information   None   107   N/A   KARLA_LAPTOP   Started monitoring folder.
D:\Contents
12/12/2010   8:21:18 a.m.   VzFw   Information   None   1   N/A   KARLA_LAPTOP   Service started.
12/12/2010   8:21:18 a.m.   VzFw   Error   None   108   N/A   KARLA_LAPTOP   Failed to start monitoring folder. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples
12/12/2010   8:21:09 a.m.   VAIO Event Service   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( VAIO Event Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
12/12/2010   8:21:06 a.m.   SecurityCenter   Information   None   1800   N/A   KARLA_LAPTOP   The Windows Security Center Service has started.
12/12/2010   8:20:57 a.m.   RegSrvc   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( RegSrvc ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
12/12/2010   8:20:35 a.m.   EvtEng   Information   None   0   N/A   KARLA_LAPTOP   The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
karlanz
Newbie
Posts: 14


« Reply #3 on: December 13, 2010, 02:36:25 PM »

From RSIT, the first log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by karla at 2010-12-14 09:02:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 10 GB (35%) free of 29 GB
Total RAM: 1014 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:02:51 a.m., on 14/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\system32\dgdersvc.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\karla\Local Settings\Application Data\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\karla\Desktop\RSIT.exe
C:\Program Files\trend micro\karla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.2:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [F-PROT Antivirus Tray application] C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\karla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RockMelt Update] "C:\Documents and Settings\karla\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/
O17 - HKLM\System\CCS\Services\Tcpip\..\{5971A73B-0BD7-459E-A4DC-8045EE5DA957}: NameServer = 202.27.184.3,202.27.184.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Device Error Recovery Service (dgdersvc) - Devguru Co., Ltd. - C:\WINDOWS\system32\dgdersvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-PROT Antivirus for Windows system (FPAVServer) - FRISK Software International - C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe
O24 - Desktop Component 1: (no name) - (no file)

--
End of file - 11269 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\F-PROT Antivirus - weekly.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-118975444-241415829-1691986589-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-118975444-241415829-1691986589-1005UA.job
C:\WINDOWS\tasks\jucheck.job
C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-118975444-241415829-1691986589-1005Core.job
C:\WINDOWS\tasks\RockMeltUpdateTaskUserS-1-5-21-118975444-241415829-1691986589-1005UA.job
C:\WINDOWS\tasks\SyncToy 2.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0941C58F-E461-4E03-BD7D-44C27392ADE1}]
PE_IE_Helper Class - C:\Program Files\IBM\Lotus Forms\Viewer\3.0\PEhelper.dll [2008-01-17 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-20 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-20 1262888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-11-18 118784]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-08-05 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-08-05 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-08-05 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-08-09 14743552]
"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2002-03-15 45056]
"SonyPowerCfg"=C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2005-10-20 184320]
"ISBMgr.exe"=C:\Program Files\Sony\ISB Utility\ISBMgr.exe [2004-02-21 32768]
"DSLSTATEXE"=C:\Program Files\D-Link\DSL-200\dslstat.exe [2005-01-21 356352]
"DSLAGENTEXE"=C:\Program Files\D-Link\DSL-200\dslagent.exe [2005-01-21 16384]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-01-07 81920]
"F-PROT Antivirus Tray application"=C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FProtTray.exe [2010-07-05 1674032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"Google Update"=C:\Documents and Settings\karla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 133104]
"KiesTrayAgent"= []
"RockMelt Update"=C:\Documents and Settings\karla\Local Settings\Application Data\RockMelt\Update\RockMeltUpdate.exe [2010-12-07 136336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\karla\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\masqform.exe]
C:\Program Files\IBM\Lotus Forms\Viewer\3.0\masqform.exe [2008-06-04 999424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2004-10-14 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe [2002-12-16 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [2003-03-31 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [2005-10-12 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-13 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-07 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^karla^Start Menu^Programs^Startup^PowerMenu.lnk]
C:\PROGRA~1\POWERM~1\POWERM~1.EXE [2002-12-20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-08-05 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\VESWinlogon]
C:\WINDOWS\system32\VESWinlogon.dll [2005-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-05 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FPAVServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\FPAVServer]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sony\VAIO Media 5.0\Vc.exe"="C:\Program Files\Sony\VAIO Media 5.0\Vc.exe:*:Disabled:[VAIO Media] VAIO Media"
"C:\Program Files\Chami\HTML-Kit\Bin\HTMLKit.exe"="C:\Program Files\Chami\HTML-Kit\Bin\HTMLKit.exe:*:Enabled:HTML-Kit"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Disabled:javaw"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Java\jdk1.6.0\bin\java.exe"="C:\Program Files\Java\jdk1.6.0\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jdk1.6.0\jre\bin\java.exe"="C:\Program Files\Java\jdk1.6.0\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\karla\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\karla\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\gnucash\bin\gnucash-bin.exe"="C:\Program Files\gnucash\bin\gnucash-bin.exe:*:Enabled:GnuCash Free Finance Manager"
"C:\Program Files\gnucash\bin\gconfd-2.exe"="C:\Program Files\gnucash\bin\gconfd-2.exe:*:Enabled:GConf Settings Manager"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\WINDOWS\system32\muzapp.exe"="C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-12-14 09:02:35 ----D---- C:\Program Files\trend micro
2010-12-14 09:02:33 ----D---- C:\rsit
2010-12-02 10:37:26 ----D---- C:\Program Files\MSECache

======List of files/folders modified in the last 1 months======

2010-12-14 09:02:35 ----RD---- C:\Program Files
2010-12-14 08:44:59 ----D---- C:\WINDOWS\Temp
2010-12-14 08:04:14 ----D---- C:\WINDOWS\system32\drivers
2010-12-14 08:04:13 ----D---- C:\Program Files\PC Connectivity Solution
2010-12-14 08:02:32 ----D---- C:\WINDOWS\Prefetch
2010-12-13 23:12:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-13 07:47:41 ----D---- C:\WINDOWS\system32\Lang
2010-12-12 12:17:07 ----D---- C:\Program Files\Hijackthis
2010-12-12 10:41:45 ----D---- C:\WINDOWS
2010-12-12 09:08:22 ----D---- C:\Program Files\Mozilla Firefox
2010-12-07 20:33:24 ----SD---- C:\WINDOWS\Tasks
2010-12-03 16:25:32 ----D---- C:\Documents and Settings\karla\Application Data\FileZilla
2010-12-03 08:40:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-03 08:40:10 ----HD---- C:\WINDOWS\inf
2010-12-02 10:43:04 ----D---- C:\Documents and Settings\karla\Application Data\OpenOffice.org2
2010-12-02 10:37:51 ----SHD---- C:\WINDOWS\Installer
2010-12-02 10:37:46 ----RSD---- C:\WINDOWS\Fonts
2010-12-02 10:37:41 ----D---- C:\Program Files\Microsoft Office
2010-12-02 10:37:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-29 11:13:51 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-26 07:04:02 ----D---- C:\Documents and Settings\karla\Application Data\mIRC
2010-11-26 06:29:18 ----D---- C:\Program Files\mIRC
2010-11-24 20:59:57 ----D---- C:\WINDOWS\pss
2010-11-18 09:37:07 ----D---- C:\Documents and Settings\karla\Application Data\gtk-2.0
2010-11-16 07:47:34 ----DC---- C:\WINDOWS\system32\DRVSTORE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 FPAV_RTP;FPAV_RTP; C:\WINDOWS\system32\drivers\FStopW.sys [2010-09-22 700632]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-05 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-21 44944]
R1 DMICall;Sony DMI Call service; C:\WINDOWS\system32\DRIVERS\DMICall.sys [2000-12-06 3952]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 36096]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-31 17801]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-22 8064]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-07-23 11354]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-01-01 19200]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-22 108767]
R3 dgderdrv;dgderdrv; C:\WINDOWS\System32\drivers\dgderdrv.sys [2009-12-22 18136]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-13 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-18 202112]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-08-05 1049180]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-08-09 3855360]
R3 LEX_AS_NIC_SERVICE_YNOS;LAN-Express AS IEEE 802.11g Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ExpasAG.sys [2005-01-05 394656]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SNC;Sony Notebook Control Device; C:\WINDOWS\System32\Drivers\SonyNC.sys [2000-11-09 48896]
R3 tifmsony;tifmsony; C:\WINDOWS\system32\drivers\tifmsony.sys [2006-02-21 77824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-05 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2004-08-03 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-05 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SonyImgF;Sony Image Conversion Filter Driver; C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2005-12-27 29184]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
S3 ss_bserd;SAMSUNG USB Mobile Logging Driver; C:\WINDOWS\system32\DRIVERS\ss_bserd.sys [2009-09-19 100224]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvm321;Sony Visual Communication Camera VGP-VCC1; C:\WINDOWS\System32\Drivers\usbvm321.sys [2005-11-30 232448]
S3 USBVSP;USBVSP; C:\WINDOWS\system32\drivers\Usbvsp.sys [2003-09-08 89728]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2005-07-20 3289088]
S3 wanusb;D-Link DSL-200 USB ADSL Modem(WAN); C:\WINDOWS\system32\DRIVERS\gwausb.sys [2005-01-21 150369]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 zgwhsdiag;ZTE WCDMA Handset Diagnostic Port; C:\WINDOWS\system32\DRIVERS\zgwhsdiag.sys [2009-03-15 105216]
S3 zgwhsmdm;ZTE WCDMA Handset USB Modem; C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys [2009-03-15 105216]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 dgdersvc;Device Error Recovery Service; C:\WINDOWS\system32\dgdersvc.exe [2009-12-22 95568]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-07-23 86016]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-07-23 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-07-23 372809]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2005-05-21 153600]
R2 VzCdbSvc;VAIO Entertainment Database Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2005-11-29 131072]
R2 VzFw;VAIO Entertainment File Import Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2005-11-29 118784]
R3 VAIO Entertainment Aggregation and Control Service;VAIO Entertainment Aggregation and Control Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe [2005-02-10 143360]
R3 Vcsw;VAIO Entertainment UPnP Client Adapter; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2005-11-29 270336]
S2 FPAVServer;F-PROT Antivirus for Windows system; C:\Program Files\FRISK Software\F-PROT Antivirus for Windows\FPAVServer.exe [2010-11-03 83624]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-15 32768]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-25 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-25 53337]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-08-01 65536]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-25 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-01-07 69632]
S3 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2006-03-31 1120960]
S3 VAIO Entertainment Task Scheduler;VAIO Entertainment Task Scheduler; C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe [2005-02-11 397312]
S3 VAIO Entertainment TV Device Arbitration Service;VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe [2005-11-26 73728]
S3 VAIOMediaPlatform-IntegratedServer-AppServer;VAIO Media Integrated Server; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2006-01-17 2084864]
S3 VAIOMediaPlatform-IntegratedServer-HTTP;VAIO Media Integrated Server (HTTP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2005-10-12 57344]
S3 VAIOMediaPlatform-IntegratedServer-UPnP;VAIO Media Integrated Server (UPnP); C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2005-10-12 770048]
S3 VAIOMediaPlatform-Mobile-Gateway;VAIO Media Gateway Server; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe [2005-12-22 155648]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe [2008-04-17 5750784]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
karlanz
« Reply #4 on: December 13, 2010, 02:37:37 PM »

The second log, from RSIt:
info.txt logfile of random's system information tool 1.08 2010-12-14 09:02:55

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD836E74-7923-4174-A055-F97CD0F3BB46}\setup.exe" -l0x9  -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AFPL Ghostscript 8.54-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Cashbook Complete-->C:\CASHBOOK\Uninstal.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Click to DVD 2.0.03 Menu Data-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E407618-D9CD-4F39-9490-9ED45294073D}\setup.exe" -l0x9  -removeonly
Click to DVD 2.5.20-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E809063C-51A3-4269-8984-D1EB742F2151}\setup.exe" -l0x9  -removeonly
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
D-Link DSL-200 ADSL Modem-->C:\Program Files\D-Link\DSL-200\uninstall.exe
DVgate Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{685BCC47-B8EC-45EC-BBCE-77DF2451502C}\setup.exe" -l0x9
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9  -removeonly
EnGraph QuickTimeKiller-->MsiExec.exe /I{3F854FE1-FC68-4D80-9AF2-439B6981F24A}
FeedReader-->"C:\Program Files\FeedReader30\unins000.exe"
FileZilla Client 3.3.3-->C:\Program Files\FileZilla FTP Client\uninstall.exe
F-PROT Antivirus for Windows-->MsiExec.exe /I{E58B329B-FB28-4874-90DE-0D7CB2709267}
F-PROT Antivirus Updater Fix-->MsiExec.exe /I{F8A3A6BC-D68F-445B-B1BA-6F03A4352865}
GIMP 2.6.8-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
GnuCash 2.3.3-->"C:\Program Files\gnucash\uninstall\gnucash\unins000.exe"
Google Earth-->MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GSview 4.8-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ 2.10.6-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\setup\unins000.exe"
HDAUDIO SoftV92 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003\HXFSETUP.EXE -U -ISnyHDANk.inf
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1-->C:\Program Files\Hijackthis\HijackThis.exe /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
hp LaserJet 1010 Series-->MsiExec.exe /x {292C47B2-8DB7-47BF-896C-C3C5EE8108C4}
HTML-Kit-->"C:\Program Files\Chami\HTML-Kit\unins000.exe"
IBM Lotus Forms Viewer 3.0-->MsiExec.exe /X{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73B}
Image Converter 2 Plus-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63B8FB69-A1B6-425D-B67D-5257B7A1F663}\setup.exe" -l0x9  /CONPANE
Indeo® Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ligos\Indeo\Uninst.isu" -c"C:\Program Files\Ligos\Indeo\Indeo System Files\indounin.dll"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel RSX 3D-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\system32\DeIsL1.isu
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD for VAIO-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
InterVideo WinDVDX-->"C:\Program Files\InstallShield Installation Information\{1A91D1FA-B9B3-4556-9878-5C61059A19B2}\setup.exe" REMOVEALL
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JGoodies JDiskReport 1.3.1-->"C:\Program Files\JGoodies\JDiskReport 1.3.1\uninstall.exe"
Kies-->"C:\Program Files\InstallShield Installation Information\{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}\Setup.exe" -runfromtemp -l0x0409 -removeonly
Kies-->MsiExec.exe /X{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}
KompoZer 0.8b3-->"C:\Program Files\KompoZer\unins000.exe"
LAN-Express AS IEEE 802.11 Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}\Setup.exe" -l0x9
LiveUpdate 2.7 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Memory Stick Formatter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27337663-2619-11D4-99DC-0000F49094C7}\Setup.exe" -l0x9 /UNINSTALL
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft GB18030 Support Package-->MsiExec.exe /I{DEBACE7E-5DD1-42DB-AFE7-2B60E7CC80A8}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{40280409-6000-11D3-8CFE-0050048383C9}
Microsoft Sync Framework Runtime v1.0 (x86)-->MsiExec.exe /I{A8BD5A60-E843-46DC-8271-ABF20756BE0F}
Microsoft Sync Framework Services v1.0 (x86)-->MsiExec.exe /I{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Miuchiz - Planet Mion-->C:\PROGRA~1\Miuchiz\UNWISE.EXE C:\PROGRA~1\Miuchiz\INSTALL.LOG
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla ActiveX Control v1.7.7-->C:\Program Files\Mozilla ActiveX Control v1.7.7\uninst.exe
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyFreeCodec-->C:\Program Files\MyFree Codec\1.0b beta\uninstall.exe
NetBeans IDE 5.5-->C:\Program Files\netbeans-5.5\_uninst\uninstaller.exe
Nokia Connectivity Adapter Cable DKU-5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1BA3CD5-89DC-4273-8603-A75F33E9B335}\Setup.exe" -l0x9
Nokia Connectivity Cable Driver-->MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_APAC.exe /LANG="2057"
Nokia PC Suite-->MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Nvu 1.0-->"C:\Program Files\Nvu\unins000.exe"
OpenMG Limited Patch 4.4-06-13-19-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OpenOffice.org 2.4-->MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
Opera 9.27-->MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
OverDrive Media Console-->MsiExec.exe /I{8ED929E5-37D5-4E01-8052-4FF5E67F403D}
PC Connectivity Solution-->MsiExec.exe /I{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
Pegasus Mail-->C:\PMAIL\Programs\DeSetup.exe C:\PMAIL\Programs
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
PowerMenu 1.51-->C:\Program Files\PowerMenu\Uninst.exe
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
Roxio DigitalMedia Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio DigitalMedia Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio DigitalMedia Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe
Scribus 1.3.3.9-->C:\Program Files\Scribus 1.3.3.9\uninst.exe
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

======Hosts File======

10.1.1.100   k

======Security center information======

AV: F-PROT Antivirus for Windows (disabled)

======System event log======

Computer Name: KARLA_LAPTOP
Event Code: 1000
Message: Your computer has lost the lease to its IP address 10.1.1.5 on the
Network Card with network address 0016CF14A102.

Record Number: 176231
Source Name: Dhcp
Time Written: 20101011213555.000000+780
Event Type: error
User:

Computer Name: KARLA_LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CF14A102.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 176230
Source Name: Dhcp
Time Written: 20101011213555.000000+780
Event Type: warning
User:

Computer Name: KARLA_LAPTOP
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\OFFICE on the network \Device\NetBT_Tcpip_{9F1DF338-931A-4614-A9F5-7C20EAC1C948}.
The data is the error code.

Record Number: 176153
Source Name: BROWSER
Time Written: 20101010205449.000000+780
Event Type: warning
User:

Computer Name: KARLA_LAPTOP
Event Code: 1000
Message: Your computer has lost the lease to its IP address 10.1.1.5 on the
Network Card with network address 0016CF14A102.

Record Number: 176151
Source Name: Dhcp
Time Written: 20101010205447.000000+780
Event Type: error
User:

Computer Name: KARLA_LAPTOP
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0016CF14A102.  The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 176150
Source Name: Dhcp
Time Written: 20101010205447.000000+780
Event Type: warning
User:

=====Application event log=====

Computer Name: KARLA_LAPTOP
Event Code: 3
Message: The OAS driver was deactivated.

Record Number: 30472
Source Name: FPAVServer.exe
Time Written: 20100820094915.000000+720
Event Type: warning
User:

Computer Name: KARLA_LAPTOP
Event Code: 3
Message: The OAS driver was deactivated.

Record Number: 30468
Source Name: FPAVServer.exe
Time Written: 20100820000057.000000+720
Event Type: warning
User:

Computer Name: KARLA_LAPTOP
Event Code: 3
Message: The OAS driver was deactivated.

Record Number: 30461
Source Name: FPAVServer.exe
Time Written: 20100819074029.000000+720
Event Type: warning
User:

Computer Name: KARLA_LAPTOP
Event Code: 1517
Message: Windows saved user KARLA_LAPTOP\karla registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 30460
Source Name: Userenv
Time Written: 20100819073947.000000+720
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: KARLA_LAPTOP
Event Code: 108
Message: Failed to start monitoring folder. (00000000)
C:\Documents and Settings\All Users\Application Data\Sony Corporation\PictureGear Studio\Samples\PhotoCollection\Samples

Record Number: 30453
Source Name: VzFw
Time Written: 20100819073812.000000+720
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------
Logged
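Added example, not part of the original post or of any tool named in this thread: a small Python parser for event-log records in the layout pasted above. It converts each `Time Written` stamp (local time plus a UTC offset in minutes) to UTC so that entries such as the `FPAVServer.exe` warnings can be read on one timeline. The sample records, the host name `EXAMPLE-PC`, the MAC address and the function names are constructed for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout of the event-log sections above.
# EXAMPLE-PC, the MAC address and the user name are placeholders.
SAMPLE = """\
Computer Name: EXAMPLE-PC
Event Code: 3
Message: The OAS driver was deactivated.

Record Number: 30472
Source Name: FPAVServer.exe
Time Written: 20100820094915.000000+720
Event Type: warning
User:

Computer Name: EXAMPLE-PC
Event Code: 1517
Message: Windows saved user EXAMPLE-PC\\user registry while an application or service was still using the registry during log off.


This is often caused by services running as a user account.

Record Number: 30460
Source Name: Userenv
Time Written: 20100819073947.000000+720
Event Type: warning
User: NT AUTHORITY\\SYSTEM

Computer Name: EXAMPLE-PC
Event Code: 1000
Message: Your computer has lost the lease to its IP address 10.1.1.5 on the
Network Card with network address 001122334455.

Record Number: 176231
Source Name: Dhcp
Time Written: 20101011213555.000000+780
Event Type: error
User:
"""

FIELD_RE = re.compile(
    r"^(Computer Name|Event Code|Message|Record Number|Source Name|"
    r"Time Written|Event Type|User):\s?(.*)$"
)
CIM_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")
REQUIRED = ("Event Code", "Source Name", "Time Written", "Event Type")


def parse_cim_datetime(stamp):
    """Turn 'yyyymmddHHMMSS.ffffff+mmm' (offset in minutes) into an aware datetime."""
    m = CIM_RE.match(stamp.strip())
    if not m:
        raise ValueError(f"not a CIM datetime: {stamp!r}")
    base, micro, sign, minutes = m.groups()
    offset = timedelta(minutes=int(minutes))
    if sign == "-":
        offset = -offset
    local = datetime.strptime(base, "%Y%m%d%H%M%S")
    return local.replace(microsecond=int(micro), tzinfo=timezone(offset))


def parse_records(text):
    """Split the pasted log into one dict per complete event record."""
    records, cur, in_msg = [], None, False
    for line in text.splitlines():
        # A message may span several lines, blank ones included; only the
        # "Record Number:" line that always follows it ends the message.
        if in_msg and not re.match(r"^Record Number: \d+\s*$", line):
            cur["Message"] += "\n" + line
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue  # blank separator or "=====...=====" banner
        key, value = m.groups()
        if key == "Computer Name":
            cur = {}
            records.append(cur)
        if cur is None:
            continue  # field line seen before the first record header
        cur[key] = value.strip()
        in_msg = key == "Message"
    complete = []
    for rec in records:
        if not all(k in rec for k in REQUIRED):
            continue  # truncated record, e.g. a log cut off mid-entry
        rec["Message"] = rec.get("Message", "").strip()
        rec["Time"] = parse_cim_datetime(rec["Time Written"])
        complete.append(rec)
    return complete


def timeline(records, source=None):
    """Rows sorted by UTC time, optionally limited to one 'Source Name'."""
    rows = [r for r in records if source is None or r["Source Name"] == source]
    rows.sort(key=lambda r: r["Time"])
    return [(r["Time"].astimezone(timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
             r["Source Name"], r["Event Code"], r["Event Type"],
             r["Message"].splitlines()[0] if r["Message"] else "")
            for r in rows]


if __name__ == "__main__":
    for row in timeline(parse_records(SAMPLE)):
        print(" | ".join(row))
```

Calling `timeline(records, source="FPAVServer.exe")` lists only the antivirus service's own entries, which can then be compared against the dates of the detections.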
karlanz
« Reply #5 on: December 13, 2010, 02:44:47 PM »

And lastly, from Gmer's mbr.exe:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541080G9SA00 rev.MB4OC60D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
1 ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Harddisk0\DR0[0x86D61AB8]
3 CLASSPNP[0xF751F05B] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\00000077[0x86D23198]
5 ACPI[0xF7395620] -> ntkrnlpa!IofCallDriver[0x804EE00A] -> \Device\Ide\IdeDeviceP0T0L0-3[0x86DCAD98]
kernel: MBR read successfully
user & kernel MBR OK


There's a lot of information there! I really appreciate you looking through it all.

The quarantined items are soundman.exe, clonedvd2-uninst.exe, pccsmcfd.sys (x 3 times), Soundman.exe, SOUNDMAN.exe.  I haven't deleted any of these yet.

Should I go ahead and do the suggestions in the Emergency First Aid for Computer Infections? Unfortunately, I read this after doing it wrong the first time (shutting down the system).  Great but painful way to learn!

Cheers - Karla ~
Logged
Jintan
« Reply #6 on: December 13, 2010, 06:34:36 PM »

Not sure I see any rhyme or reason for why F-Prot is targeting those files. Many software programs load, and run, using temp files located in temp folders there. Often, when some security program targets program files and temp files as the same malware, that suggests they could very well be part of the same software/software activity. This one suggests an NSIS (Nullsoft Scriptable Install System) installer file:

C:\WINDOWS\TEMP\FPQ6.tmp->(NSIS)

Could mean this F-Prot flurry of activity is due to an active software install. When and what is the most recent program you installed on your computer?

But I gotta admit some of the files being located by F-Prot there don't seem to have much in common.

One other significant issue is that "W32/MalwareS.BJBR" and "W32/MalwareF.GMXU" are unique to your system - no other web sites show those names. That lends support that the files are not malware (False Positives).



The other logs you posted don't show any malware. I did check more on that "ProxyServer = 192.168.1.2:3128" log entry, and see that it may be some part of a Squid caching proxy function (see here).



It would help if we could check some of those files, but they would need to be restored to their original locations. Though it is not without risk of infection, I sense the files are not malware. All your call on it, but if you want to go ahead with checking the files, just temp disable F-Prot's active scanning (so it won't just re-quarantine the files while we work with them), then have it restore these files:

C:\WINDOWS\TEMP\FPQ6D.tmp
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PC Connectivity Solution\pccsmcfd.sys

Before restoring the files, take time to make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types". This way you will be able to see all files there.


As soon as the files are restored, just go here, press new topic, fill in the needed details and just give a link to your post back here (see the "Instructions for uploading files" there for help, if needed). Then press the browse button and then navigate to & select those restored files.

You DO NOT need to be a member to upload, anybody can upload the files. You will not be able to see the file once uploaded.

Just click the "(more attachments)" next to the Browse button to upload more than one file.

------------------

Instead of immediately enabling F-Prot after the file upload, leave it disabled, and let's run a good repair scan tool.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Download ComboFix.exe from here to your desktop, then click that to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Logged
Jintan
« Reply #7 on: December 13, 2010, 06:41:11 PM »

Missed one I had on my scratch sheet:

O24 - Desktop Component 1: (no name) - (no file)

That particular entry is from selecting a web-based source as the Active Desktop. Malware has been using that every so often, but this entry may just be that the Registry key for it needs repairing. But let's see what we get from these new steps before addressing that.
Logged
karlanz
« Reply #8 on: December 14, 2010, 01:28:23 AM »

Hi Jintan,

I uploaded two of the files to the site you requested, however the one at Windows/Temp I couldn't find. Perhaps this was deleted when I ran CCleaner after I had shut down after the online scan warning. F-Prot was very insistent about re-quarantining the SOUNDMAN.exe file; I had to do some shifty restoring and closing down to get it to stay there long enough to upload it.

Combofix downloaded the recovery console, and started the scan, but unfortunately crashed about Stage 50, with the error "Bad_pool_header" - the same one I got when I tried to run the GMER program. I tried this twice with the same result.

The latest programs I have downloaded are Samsung (for my son's cell phone), Myfree Codec (seems that was installed by Samsung), PowerMenu, Winmerge, and the Rockmelt browser. I hadn't had any problems prior to that, and F-Prot has kept me pretty much virus free.  However, I see that the computer my son uses has also picked up a virus; we are networked so possibly this has spread that way?

Sigh!

I'm so glad that you are helping with this one. Thank you again.

Karla ~
Logged
karlanz
« Reply #9 on: December 14, 2010, 02:20:59 AM »

I have just been going through the F-Prot scan details and I see the C:\WINDOWS\TEMP\FPQ6.tmp->(NSIS) has been giving problems for the last couple of days. I'll look further for it, and if I find it will post to the spykiller site.

Also, the latest program downloaded (rockmelt) was just a few days ago, however I have had Chrome for a while and it seems to just be another version of that ... ?
Logged
Jintan
« Reply #10 on: December 14, 2010, 08:05:58 PM »

Just checking in, but I will check the uploaded files when I get time. One other method of dealing with files the antivirus has located is to ignore what the AV program is suggesting it do, and zip a copy of the file it is pointing to. Then let the antivirus do what it wants, and upload the zipped file copy.

I am not too familiar with Google Chrome or RockMelt. Web info shows that Chromium, which is the "open-source project behind Google Chrome", is also what RockMelt was based on, so perhaps that's the tie-in with them.

Both ComboFix and Google causing those problems could be due to them clashing with your security software (which you are disabling before running these scans, yes?), but the more recent malware packages also target those scan/fix tools.


See if those crashes created a log file we can check.

Make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"

Then navigate (right click Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan AT malwarecrypt.com (replace the "AT" with @) as an attachment. Please place "Submitted Files - karlanz /mc/dmp" as the email Subject.

-------------------

Even though the scans like the mbr.exe one do not seem to locate any rootkit infection, let's check anyway.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot if requested.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please.



Logged
karlanz
« Reply #11 on: December 14, 2010, 10:13:26 PM »

Hi Jintan,

I am like putty in your capable hands.  Email sent re the minidump.  Doesn't look like the rootkit scan came up with anything, but here is the logfile:

2010/12/15 15:18:32.0796   TDSS rootkit removing tool 2.4.11.0 Dec  8 2010 14:46:40
2010/12/15 15:18:32.0796   ================================================================================
2010/12/15 15:18:32.0796   SystemInfo:
2010/12/15 15:18:32.0796   
2010/12/15 15:18:32.0796   OS Version: 5.1.2600 ServicePack: 2.0
2010/12/15 15:18:32.0796   Product type: Workstation
2010/12/15 15:18:32.0796   ComputerName: KARLA_LAPTOP
2010/12/15 15:18:32.0796   UserName: karla
2010/12/15 15:18:32.0796   Windows directory: C:\WINDOWS
2010/12/15 15:18:32.0796   System windows directory: C:\WINDOWS
2010/12/15 15:18:32.0796   Processor architecture: Intel x86
2010/12/15 15:18:32.0796   Number of processors: 1
2010/12/15 15:18:32.0796   Page size: 0x1000
2010/12/15 15:18:32.0796   Boot type: Normal boot
2010/12/15 15:18:32.0796   ================================================================================
2010/12/15 15:18:33.0250   Initialize success
2010/12/15 15:18:38.0296   ================================================================================
2010/12/15 15:18:38.0296   Scan started
2010/12/15 15:18:38.0296   Mode: Manual;
2010/12/15 15:18:38.0296   ================================================================================
2010/12/15 15:18:42.0734   FsUsbExDisk     (b07663a810e861eebfd0eac7e82ca62d) C:\WINDOWS\system32\FsUsbExDisk.SYS
2010/12/15 15:18:42.0765   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/15 15:18:42.0812   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/15 15:18:42.0875   GEARAspiWDM     (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/15 15:18:42.0937   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/15 15:18:43.0062   HDAudBus        (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/15 15:18:43.0156   HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/15 15:18:43.0234   HSFHWAZL        (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2010/12/15 15:18:43.0312   HSF_DPV         (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2010/12/15 15:18:43.0375   HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/15 15:18:43.0593   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/15 15:18:43.0703   ialm            (240d0f5d7caafd87bd8d801a97bbe041) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/12/15 15:18:43.0781   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/15 15:18:44.0062   IntcAzAudAddService (8443479648f804445e9dafef0f219231) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/15 15:18:44.0296   IntelIde        (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/15 15:18:44.0343   intelppm        (db8a1859cf9e48914dcc0a7206d87be5) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/15 15:18:44.0406   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/12/15 15:18:44.0437   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/15 15:18:44.0484   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/15 15:18:44.0546   IpNat           (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/15 15:18:44.0625   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/15 15:18:44.0687   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/15 15:18:44.0718   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/15 15:18:44.0796   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/15 15:18:44.0968   kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/15 15:18:45.0031   KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/15 15:18:45.0140   LEX_AS_NIC_SERVICE_YNOS (39ed22ee60eb121e1e0029e5e5e6f8d8) C:\WINDOWS\system32\DRIVERS\ExpasAG.sys
2010/12/15 15:18:45.0218   mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/12/15 15:18:45.0296   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/15 15:18:45.0375   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/15 15:18:45.0515   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/15 15:18:45.0562   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/15 15:18:45.0609   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/15 15:18:45.0687   MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/15 15:18:45.0765   MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/15 15:18:45.0828   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/15 15:18:45.0890   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/15 15:18:45.0968   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/15 15:18:46.0078   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/15 15:18:46.0140   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/15 15:18:46.0187   MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/12/15 15:18:46.0203   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/15 15:18:46.0250   NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/12/15 15:18:46.0312   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/15 15:18:46.0359   NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/12/15 15:18:46.0406   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/15 15:18:46.0437   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/15 15:18:46.0468   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/15 15:18:46.0500   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/15 15:18:46.0531   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/15 15:18:46.0562   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/15 15:18:46.0656   NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/15 15:18:46.0718   nmwcd           (696b37ea78f9d9767a2f18ba0304a51a) C:\WINDOWS\system32\drivers\nmwcd.sys
2010/12/15 15:18:46.0843   nmwcdc          (bbb6010fc01d9239d88fcdf133e03ff0) C:\WINDOWS\system32\drivers\nmwcdc.sys
2010/12/15 15:18:46.0875   nmwcdcj         (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcj.sys
2010/12/15 15:18:46.0921   nmwcdcm         (4c3726467d67483f054c88f058e9c153) C:\WINDOWS\system32\drivers\nmwcdcm.sys
2010/12/15 15:18:47.0000   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/15 15:18:47.0062   Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/15 15:18:47.0171   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/15 15:18:47.0218   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/15 15:18:47.0281   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/15 15:18:47.0343   ohci1394        (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/15 15:18:47.0406   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/15 15:18:47.0437   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/15 15:18:47.0500   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/15 15:18:47.0546   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/15 15:18:47.0609   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/15 15:18:47.0640   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2010/12/15 15:18:47.0890   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/15 15:18:47.0921   PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/15 15:18:47.0968   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/15 15:18:48.0015   PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/12/15 15:18:48.0187   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/15 15:18:48.0234   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/15 15:18:48.0265   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/15 15:18:48.0296   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/15 15:18:48.0359   Rdbss           (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/15 15:18:48.0437   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/15 15:18:48.0515   rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/15 15:18:48.0640   RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/15 15:18:48.0671   redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/15 15:18:48.0765   RTL8023xp       (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
2010/12/15 15:18:48.0828   s24trans        (9c40cb317400f2cf643b8706147dd06d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2010/12/15 15:18:48.0921   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/15 15:18:49.0015   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/15 15:18:49.0125   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/15 15:18:49.0203   SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/12/15 15:18:49.0265   SNC             (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
2010/12/15 15:18:49.0375   SonyImgF        (fb77021110eaa16ea6e0961c844ef0d2) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
2010/12/15 15:18:49.0453   splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/15 15:18:49.0546   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/15 15:18:49.0625   Srv             (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/15 15:18:49.0703   ss_bbus         (3f0164fbc0bd1adbd02df9759181451a) C:\WINDOWS\system32\DRIVERS\ss_bbus.sys
2010/12/15 15:18:49.0750   ss_bmdfl        (b89d62206034e5fe573c80a24dd55675) C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys
2010/12/15 15:18:49.0796   ss_bmdm         (1ed0fcea586fe2a416ee15196e5631dd) C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys
2010/12/15 15:18:49.0859   ss_bserd        (994d2e5378cc337ec7dd73c1e04fcaa4) C:\WINDOWS\system32\DRIVERS\ss_bserd.sys
2010/12/15 15:18:49.0921   streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/12/15 15:18:50.0093   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/15 15:18:50.0156   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/15 15:18:50.0265   symlcbrd        (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2010/12/15 15:18:50.0343   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/15 15:18:50.0437   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/15 15:18:50.0500   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/15 15:18:50.0531   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/15 15:18:50.0562   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/15 15:18:50.0625   tifmsony        (72aaa3343af62e02ae37001eea5c9a0e) C:\WINDOWS\system32\drivers\tifmsony.sys
2010/12/15 15:18:50.0734   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/15 15:18:50.0843   Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/15 15:18:51.0062   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/15 15:18:51.0140   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/15 15:18:51.0171   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/15 15:18:51.0218   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/15 15:18:51.0312   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/15 15:18:51.0375   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/15 15:18:51.0406   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/15 15:18:51.0468   usbvm321        (f9d550545afec1d581d2539f3488c4cd) C:\WINDOWS\system32\Drivers\usbvm321.sys
2010/12/15 15:18:51.0562   USBVSP          (3a9a3086be7bdd3ca58b3a15bd7e347a) C:\WINDOWS\system32\drivers\Usbvsp.sys
2010/12/15 15:18:51.0734   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/12/15 15:18:51.0796   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/15 15:18:52.0109   w29n51          (adb2f5af36155c9f1fbfd66a3acacbe6) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2010/12/15 15:18:52.0343   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/15 15:18:52.0421   wanusb          (48e9207050c09b475c6716277f041e25) C:\WINDOWS\system32\DRIVERS\gwausb.sys
2010/12/15 15:18:52.0515   wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/15 15:18:52.0609   winachsf        (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/12/15 15:18:52.0859   WpdUsb          (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
2010/12/15 15:18:52.0953   WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/15 15:18:53.0046   WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/12/15 15:18:53.0109   zgwhsdiag       (f2c38cd7b6696566da0c3485a41b43dc) C:\WINDOWS\system32\DRIVERS\zgwhsdiag.sys
2010/12/15 15:18:53.0171   zgwhsmdm        (f2c38cd7b6696566da0c3485a41b43dc) C:\WINDOWS\system32\DRIVERS\zgwhsmdm.sys
2010/12/15 15:18:53.0421   ================================================================================
2010/12/15 15:18:53.0421   Scan finished
2010/12/15 15:18:53.0421   ================================================================================
2010/12/15 15:19:03.0687   Deinitialize success


Is there any way of telling which driver it is that is missing or causing the blue screen crash?  I haven't turned my computer off - I'm wondering if this is necessary, just that somewhere I read that each boot up gives a virus a bit of a boost. Not sure if that is my memory fabricating that tho ;-)

Cheers - go well, and don't stress over this, I'm not. Christmas is only ten days away, I just realised today !
Karla
karlanz
Newbie
*
Posts: 14


« Reply #12 on: December 15, 2010, 02:00:56 PM »

Hi Jintan,
Last night I was thinking about changes that I made to the computer that might have affected the driver file, and one of those was changing the registry with CCleaner when I did the scan shortly after getting the fake scan warning. So, I merged back those four registry changes, and tried another attempt at running Combofix, unsuccessfully.

F-Prot has this morning given me two more malware warnings: Found file, C:\System Volume Information\_restore{7FDE3511-2876-4122-A043-FE90622A1974}\RP1\A0003196.exe, infected with W32/MalwareS.BJBR

The registry changes (below) don't seem connected, it was just an idea.

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\karla\\Desktop\\PowerMenuSetup_1_5_1.exe"="PowerMenuSetup_1_5_1"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\karla\\Desktop\\WinMerge-2.12.4-Setup.exe"="WinMerge Installer                                          "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\karla\\LOCALS~1\\Temp\\is-KEL56.tmp\\WinMerge-2.12.4-Setup.tmp"="Setup/Uninstall"

Would you like me to restore these files, zip them and send them to the Spykiller?

Karla
Jintan
Administrator
Hero Member
*****
Posts: 4012



« Reply #13 on: December 15, 2010, 08:45:32 PM »

Those Registry Keys reflect what new apps you recently installed. The names also match what you posted about recent installs. That PowerMenuSetup_1_5_1.exe installer file shows up in a few Thai threads. I downloaded and checked it. Didn't see any malware actions in the file codes, and only one scanner felt the files were malware-related:

TheHacker  -  Trojan/Downloader.Zlob.bouh

One hit out of 43 usually says the hit scanner is in error.


Quote
Is there any way of telling which driver it is that is missing or causing the blue screen crash?

That is what checking the minidump files can do. However, in checking those that you sent, the culprit is either Gmer, or ComboFix's version of Gmer's CatchMe scanner.

-----------------------

I did another check of the logs posted so far, and see Norton has left some things behind. These could be what is causing some issues there.

Be sure to temp disable all security programs, then go here and download the Norton Removal Tool that is appropriate for your version. Then close all open windows and disable all protective software, and click the downloaded file to completely remove Norton from your system. If the removal does not cause a reboot, reboot after the tool has completed the removal. Be sure to save all registration keys before running the tool if you plan to reinstall Norton later.

If you do not recall the version, that is okay - the same tool is used for most versions.

After the reboot try the ComboFix and Gmer scans again, if you would.



karlanz
Newbie
*
Posts: 14


« Reply #14 on: December 15, 2010, 11:08:19 PM »

Hi Jintan,

I don't ever remember the laptop having Nortons, but I ran the tool and am still having combofix crash. I'll try the Gmer later.

I'm just wondering if it is possible that my son's computer, which is networked, could be where the virus is? I don't know much about networking, or servers - could there be a virus there which creeps down to my laptop??

Cheers
Karla