BAGLE [RESOLVED]


  • This topic is locked

#16
toyma

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy,

Here is the info requested. Thanks for all the help!! The pc feels much faster, 90% responsive. It still feels a little slow when I open IE to surf, but otherwise it is back to its old self...... And no, I was not the one to download the stuff.... it is the pc my ex husband was using, so I guess he did it.
I meant to ask you what to do with my Flash Memory Card, it is the one that transported the infected files to my laptop. I haven't touched it since then, can I clean it or I simply throw it away??

Thanks again!

Explorer killed successfully
File/Folder C:\Documents and Settings\Corina Finkler\Configuración local\temp\KeyGen.exe not found.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DFD16E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DFF3C5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DFF3DF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~ROMFN_0000062C scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETF491.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08062008_161203

Files moved on Reboot...
C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DFD16E.tmp moved successfully.
File C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DFF3C5.tmp not found!
File C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DFF3DF.tmp not found!
File C:\DOCUME~1\Thelma\LOCALS~1\Temp\~ROMFN_0000062C not found!
C:\WINDOWS\temp\JETF491.tmp moved successfully.


And here's the other one:

Scanning Report
Wednesday, August 06, 2008 16:44:24 - 20:53:07
Computer name: THELMA
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
Suspicious_F.gen (virus)
C:\PROGRAM FILES\WINRAR\WINRAR.3.X-UNIVERSAL.PATCH.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 60595
System: 5241
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\THELMA\LOCAL SETTINGS\TEMP\~ROMFN_00000AD8
C:\DOCUMENTS AND SETTINGS\ALL USERS\DATOS DE PROGRAMA\MICROSOFT\CRYPTO\DSS\MACHINEKEYS\EE45563F3F243FF3C0299BB1CF61D7BE_ED4A2A3D-B949-48A7-A1E4-1E0CAA0AF427

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Blacklight: 1.0.68
F-Secure Hydra: 2.8.8110, 2008-08-06
F-Secure Pegasus: 1.20.0, 2008-04-14
F-Secure AVP: 7.0.171, 2008-08-06
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics
  • 0


#17
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,

I meant to ask you what to do with my Flash Memory Card, it is the one that transported the infected files to my laptop. I haven't touched it since then, can I clean it or I simply throw it away??

We should be able to clean it up. :)

STEP 1
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\PROGRAM FILES\WINRAR\WINRAR.3.X-UNIVERSAL.PATCH.EXE
    purity
    EmptyTemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

STEP 2
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
STEP 3
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
~~~~~~~~~
In your next reply please have these logs.
The OTMoveIt2 log
The MalwareBytes log
  • 0

#18
toyma

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy!!!

Here are the requested logs. I can't tell you how grateful I am, my desktop feels quick and normal..... :) :)

Explorer killed successfully
C:\PROGRAM FILES\WINRAR\WINRAR.3.X-UNIVERSAL.PATCH.EXE moved successfully.
< purity >
< EmptyTemp >
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF5944.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF71BB.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF71D4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Thelma\LOCALS~1\Temp\~ROMFN_0000062C scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETE2ED.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_203922

Files moved on Reboot...
C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF5944.tmp moved successfully.
File C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF71BB.tmp not found!
File C:\DOCUME~1\Thelma\LOCALS~1\Temp\~DF71D4.tmp not found!
File C:\DOCUME~1\Thelma\LOCALS~1\Temp\~ROMFN_0000062C not found!
C:\WINDOWS\temp\JETE2ED.tmp moved successfully.



Malwarebytes' Anti-Malware 1.24
Database version: 1031
Windows 5.1.2600 Service Pack 2

09:09:15 p.m. 07/08/2008
mbam-log-8-7-2008 (21-09-15).txt

Scan type: Quick Scan
Objects scanned: 42114
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
  • 0

#19
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,

my desktop feels quick and normal

That's great to hear. :)

Your logs look clean. :)
Just a few more things to do.
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
You are using an old version of Adobe Acrobat Reader, please update it here.



Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
Please remove any left over tools used to clean your computer as well.




The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

1. Spywareguard: Is realtime protection from spyware.

2. Spywareblaster: Helps protect against any bad ActiveX from installing on your computer.

3. SuperAntiSpyware: Use this program to remove any spyware that may have gotten on your computer.

4. FireFox: This is a great alternate browser over Internet Explorer. Firefox is much more secure than Internet Explorer and also has a built-in pop up blocker.

5. ATF Cleaner: This program cleans out your temporary files. This is a great tool that can help speed your computer up.

6. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.


To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
  • 0

#20
toyma

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Dear Jimmy,

I'm done!! I've noticed that sometimes it takes a little long to load up IE7, but nothing that worries me too much.

Now I am ready to install my anti-virus and get on with my work.

Thanks for EVERYTHING!!!! You saved it................. :)

Toyma
  • 0

#21
toyma

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Here I am again with a few questions/issues:

After I did everything you asked, I inserted my flash memory which we had already disinfected, and copied my installer for Kaspersky from there into my desktop. It immediately gave me problems and was unable to install it.
I cleaned the flash again and removed it from the pc, but noticed that I was back like when we started, cc cleaner not running and HJT apparently not valid. I ran Malwarebytes, cleaned everything and rebooted when it asked me. I ran it again (without the flash drive) and it found only 8 issues, I cleaned again, rebooted and it didn't find anything.
I ran the installation of Kaspersky, and now it is installed and apparently everything is ok. I ran cc cleaner and cleaned everything it found, updated kaspersky and I am using the pc right now.
The only thing I could not use (just as trial) was HJT, but I downloaded it again from trendsecure and it seems to run ok.
1. Do you think there are still problems with the famous infection??
2. I ask again: should I keep the flash card?

Again and again, thanks for everything!
  • 0

#22
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,

1. Do you think there are still problems with the famous infection??
2. I ask again: should I keep the flash card?

1. Let's run a scan and see what it reports back.

2. Please delete any .exe/.rar/.zip files from your flash card, as they are more than likely infected.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

  • 0
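
The Note in post #17 (a folder named autorun.inf left on each drive) and the advice in post #22 (delete .exe/.rar/.zip files from the flash card) can both be checked from a drive's root listing: a folder occupying the name autorun.inf means no file of that name can be written there, while a regular autorun.inf file may name a program to launch. The following Python check is an added example, not part of the thread and not Flash_Disinfector's own code; the function names, sample file names and the constructed autorun.inf contents are assumptions made for illustration.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")   # [autorun] keys that start a program
RISKY_EXTS = {".exe", ".rar", ".zip"}    # file types post #22 says to delete

# Constructed sample, not taken from the thread.
SAMPLE_INF = (
    "[AutoRun]\r\n"
    "; constructed sample\r\n"
    "open=setup_x.exe\r\n"
    "shell\\open\\command=setup_x.exe\r\n"
    "icon=folder.ico\r\n"
)


def decode_inf(data):
    """autorun.inf is usually ANSI, but may be UTF-16 with a byte-order mark."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text):
    """Return the (key, value) pairs in [autorun] that launch something."""
    launches = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            launches.append((key, value))
    return launches


def audit_drive_root(root):
    """Classify autorun.inf in a drive root and list files worth reviewing."""
    report = {"autorun": "absent", "launches": [], "risky_files": []}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf":  # Windows names are case-insensitive
            if os.path.isdir(path):
                report["autorun"] = "folder"   # placeholder folder, as in the Note
            else:
                report["autorun"] = "file"
                with open(path, "rb") as fh:
                    report["launches"] = parse_autorun(decode_inf(fh.read()))
        elif os.path.isfile(path) and os.path.splitext(name)[1].lower() in RISKY_EXTS:
            report["risky_files"].append(name)
    return report


def demo():
    """Audit two constructed drive roots: one with an autorun file, one with the folder."""
    with tempfile.TemporaryDirectory() as suspect, tempfile.TemporaryDirectory() as cleaned:
        with open(os.path.join(suspect, "AUTORUN.INF"), "wb") as fh:
            fh.write(SAMPLE_INF.encode("latin-1"))
        for name in ("setup_x.exe", "backup.zip", "notes.txt"):
            open(os.path.join(suspect, name), "wb").close()
        os.mkdir(os.path.join(cleaned, "autorun.inf"))
        open(os.path.join(cleaned, "photo.jpg"), "wb").close()
        return audit_drive_root(suspect), audit_drive_root(cleaned)


if __name__ == "__main__":
    for label, result in zip(("suspect", "cleaned"), demo()):
        print(label, result)
```

Point `audit_drive_root` at the drive letter of the flash card (for example `E:\`) to run it against a real drive; it only reads the root listing and never opens or executes the files it reports.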

#23
toyma

toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy,

Here they are:

Deckard's System Scanner v20071014.68
Run by Thelma on 2008-08-11 11:33:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-08-11 16:34:05 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-08-09 20:49:01 UTC - RP6 - Installed Kaspersky Internet Security 2009.
5: 2008-08-09 20:17:53 UTC - RP5 - Last known good configuration
4: 2008-08-09 20:17:44 UTC - RP4 - Installed Kaspersky Internet Security 2009.
3: 2008-08-09 20:17:44 UTC - RP3 - Installed Kaspersky Internet Security 2009.


-- First Restore Point --
1: 2008-08-09 20:17:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 446 MiB (512 MiB recommended).


-- HijackThis (run as Thelma.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:57 a.m., on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
c:\jetsuite\jsdaemon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe
C:\jetsuite\JETSTAT.EXE
c:\jetsuite\JSFMAN.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Thelma\Desktop\dss.exe
C:\HJT\Thelma.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F3D97CD4-779B-47F3-BAAF-3248FE65822F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 17\Remind.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://download.macromedia.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11758 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 jsmux - c:\windows\system32\drivers\jsmux.sys <Not Verified; JetFax, Inc.; JetSuite>
R1 jsscan - c:\windows\system32\drivers\jsscan.sys <Not Verified; JetFax, Inc.; JetSuite>
R2 jsfax - c:\windows\system32\drivers\jsfax.sys <Not Verified; JetFax, Inc.; JetSuite>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>

S1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys (file missing)
S4 jsdbg - c:\windows\system32\drivers\jsdbg.sys <Not Verified; JetFax, Inc.; JetSuite>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 jsdaemon - c:\jetsuite\jsdaemon.exe <Not Verified; JetFax, Inc.; JetSuite>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 TUWinStylerThemeSvc (TuneUp WinStyler Theme Service) - "c:\program files\tuneup utilities 2006\winstylerthemesvc.exe" <Not Verified; TuneUp Software GmbH; TuneUp Utilities>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_D6018086&REV_81\3&B1BFB68&0&A0
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_1002&DEV_4372&SUBSYS_D6018086&REV_81\3&B1BFB68&0&A0
Service:

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&29C049B9&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&29C049B9&0
Service: i8042prt

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Port Mouse (IntelliPoint)
Device ID: ACPI\PNP0F13\4&29C049B9&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Port Mouse (IntelliPoint)
PNP Device ID: ACPI\PNP0F13\4&29C049B9&0
Service: i8042prt

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_205114F1&REV_01\4&397875E9&0&18A4
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_2F30&SUBSYS_205114F1&REV_01\4&397875E9&0&18A4
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 17:16:33 392 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2007-10-06 00:07:17 292 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
2007-10-06 00:07:16 302 --ah----- C:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-09 16:25:25 0 dr-h----- C:\Documents and Settings\Thelma\Recent
2008-08-09 15:50:20 96976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 15:50:20 87855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 15:49:15 368672 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 15:49:15 1867296 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-09 15:49:15 0 d-------- C:\Program Files\Kaspersky Lab
2008-08-09 15:49:15 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-09 14:21:30 0 d-------- C:\Combo-Fix
2008-08-09 13:49:13 0 d-------- C:\Program Files\Java
2008-08-09 13:49:11 0 d-------- C:\Program Files\Common Files\Java
2008-08-09 13:44:46 0 d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-09 13:23:14 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-08-09 13:23:09 0 d-------- C:\Program Files\NOS
2008-08-07 21:11:11 712712 --ah----- C:\WINDOWS\system32\drivers\mdelk.exe
2008-08-07 21:01:10 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 20:47:56 0 drahs---- C:\autorun.inf
2008-08-06 16:21:35 0 d-------- C:\fsaua.data
2008-08-04 12:27:59 0 d-------- C:\HJT
2008-08-03 10:42:08 0 d-------- C:\Program Files\Asistente Prodigy
2008-08-03 10:28:19 929792 -ra------ C:\WINDOWS\system32\PRISME5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-08-03 10:28:19 15781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2008-08-03 10:27:41 0 d-------- C:\Program Files\Prodigy Infinitum
2008-08-02 11:33:45 0 d-------- C:\Program Files\Trend Micro
2008-08-02 01:25:48 0 d-------- C:\Documents and Settings\Thelma\Application Data\Malwarebytes
2008-08-02 01:25:19 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-01 15:34:09 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-07-29 20:20:00 24774 --a------ C:\WINDOWS\system32\drivers\klopp.dat


-- Find3M Report ---------------------------------------------------------------

2008-08-09 16:02:09 0 d-------- C:\Program Files\BrainsBreaker
2008-08-09 14:33:16 0 d-------- C:\Program Files\PrintMaster Platinum 17
2008-08-09 13:49:11 0 d-------- C:\Program Files\Common Files
2008-08-09 13:43:56 0 d-------- C:\Program Files\Common Files\Adobe
2008-08-03 10:42:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-08-01 19:08:57 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-08-01 14:20:01 0 d-------- C:\Documents and Settings\Thelma\Application Data\U3
2008-08-01 02:09:32 0 d-------- C:\Program Files\palmOne
2008-06-29 21:29:16 0 d-------- C:\Documents and Settings\Thelma\Application Data\Costco Photo Viewer MX
2008-06-16 20:02:20 0 d-------- C:\Documents and Settings\Thelma\Application Data\Costco Photo Organizer
2008-06-16 17:51:02 0 d-------- C:\Program Files\MSN Messenger
2008-06-11 23:51:54 0 d-------- C:\Program Files\MosaicCreator
2008-06-11 22:30:31 0 d-------- C:\Program Files\Common Files\HP
2008-06-11 22:30:28 0 d-------- C:\Program Files\Costco


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
29/07/2008 08:21 p.m. 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3D97CD4-779B-47F3-BAAF-3248FE65822F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [11/01/2006 12:23 p.m. C:\WINDOWS\RTHDCPL.EXE]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [10/08/2006 02:10 p.m.]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [14/08/2006 03:07 a.m.]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [31/07/2006 11:00 a.m.]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [06/05/2004 02:58 p.m.]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 08:54 p.m.]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [21/11/2006 08:08 p.m.]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [21/11/2006 08:09 p.m.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [12/06/2008 02:38 a.m.]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27 a.m.]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [29/07/2008 08:20 p.m.]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 08:07 p.m.]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34 a.m.]

C:\Documents and Settings\Thelma\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 09:16:50 p.m.]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 17\Remind.exe [22/02/2006 01:45:54 p.m.]
HP LaserJet 3150 Status.lnk - C:\jetsuite\JETSTAT.EXE [18/08/2007 01:53:51 p.m.]
Inicio r pido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [28/09/2007 07:31:30 p.m.]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"




-- End of Deckard's System Scanner: finished at 2008-08-11 11:38:06 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 2.66GHz
CPU 1: Intel® Pentium® D CPU 2.66GHz
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 445.91 MiB / 107.55 MiB
Pagefile Memory (total/avail): 1049.03 MiB / 696.73 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.09 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 31.53 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
G: is CDROM (CDFS)
H: is Removable (FAT)

\\.\PHYSICALDRIVE0 - ST3808110AS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 1945.37 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 1950.91 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Kaspersky Internet Security v8.0.0.454 (Kaspersky Lab)
AV: Kaspersky Internet Security v8.0.0.454 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Thelma\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=THELMA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Thelma
LOGONSERVER=\\THELMA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0407
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Thelma\LOCALS~1\Temp
TMP=C:\DOCUME~1\Thelma\LOCALS~1\Temp
USERDOMAIN=THELMA
USERNAME=Thelma
USERPROFILE=C:\Documents and Settings\Thelma
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Thelma (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
--> MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
--> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
--> MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
--> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{637099FB-45FD-4BC7-9651-6FB540DBB749}
--> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
--> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
--> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
--> MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
--> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0xa -L0xa
Acrobat.com --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com --> MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1040-7D00-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR --> C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe InDesign CS2 --> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Asistente Prodigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AF95557C-A14A-42D2-8C9D-E9650D1A8016}\setup.exe" -l0xa -removeonly
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BrainsBreaker 4.9(301) --> "c:\Program Files\BrainsBreaker\unins000.exe"
Canon Camera Support Core Library --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91F1A0D6-23AD-49FE-8D4E-379485652214} /l1033
Canon Camera Window DS for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}
Canon Camera Window DVC for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4C96958A-6562-4143-B820-FF4890D3B734}
Canon Camera Window for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{C7281207-4AA4-425E-B57A-0E9EF8445635}
Canon MovieEdit Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}
Canon PhotoRecord --> MsiExec.exe /X{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}
Canon RAW Image Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{45EF4EE3-F591-4B74-A477-0CAE12934CE7}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{28291BD5-92D2-4685-82DC-CCA925C53CCA}
Canon Utilities PhotoStitch 3.1 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{218BBBE3-FE63-4BB2-81A8-7435575A84FA}
Canon ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CorelDRAW Graphics Suite 12 --> MsiExec.exe /I{505AFDC0-5E72-4928-8368-5DEA385E3647}
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Thelma\Local Settings\Temporary Internet Files\Content.IE5\PESQ9SOS\HijackThis.exe" /uninstall
HP Deskjet 6500 --> msiexec /x{3D50E33F-0DB8-4E3B-B75C-2B872A33D87B}
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
ImTranslator for IE --> C:\PROGRA~1\SMARTL~1\IMTRAN~1\UNWISE.EXE C:\PROGRA~1\SMARTL~1\IMTRAN~1\INSTALL.LOG
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JetSuite Pro for the HP LaserJet 3150 --> c:\jetsuite\setup\setup.exe uninstall
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009 --> MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Logo Design Studio --> "C:\WINDOWS\Logo Design Studio\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Studio\Uninstall\uninstall.xml"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Office Access MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0015-0C0A-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0016-0C0A-0000-0000000FF1CE}
Microsoft Office Groove MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00BA-0C0A-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0044-0C0A-0000-0000000FF1CE}
Microsoft Office OneNote MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-00A1-0C0A-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001A-0C0A-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0018-0C0A-0000-0000000FF1CE}
Microsoft Office Proof (Basque) 2007 --> MsiExec.exe /X{90120000-001F-042D-0000-0000000FF1CE}
Microsoft Office Proof (Catalan) 2007 --> MsiExec.exe /X{90120000-001F-0403-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Galician) 2007 --> MsiExec.exe /X{90120000-001F-0456-0000-0000000FF1CE}
Microsoft Office Proof (Portuguese (Brazil)) 2007 --> MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (Spanish) 2007 --> MsiExec.exe /X{90120000-002C-0C0A-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-0019-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-006E-0C0A-0000-0000000FF1CE}
Microsoft Office Word MUI (Spanish) 2007 --> MsiExec.exe /X{90120000-001B-0C0A-0000-0000000FF1CE}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mosaic Creator 2.95 --> "C:\Program Files\MosaicCreator\unins000.exe"
NetZero For Riverdeep --> MsiExec.exe /X{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}
palmOne --> MsiExec.exe /X{FF8157AA-F640-45BD-B7C2-BAA1016B267A}
PrintMaster Platinum 17 --> MsiExec.exe /I{01DAB7E2-DEC5-4FBD-893E-612FA6758A4D}
Prodigy Infinitum Módem Router Inalámbrico --> C:\Program Files\Prodigy Infinitum\Uninstaller.exe
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Roxio Content 9 --> MsiExec.exe /X{787F2DC2-1699-44FA-A72F-9107166AF9CC}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Easy Media Creator 9 Suite --> MsiExec.exe /I{938B1CD7-7C60-491E-AA90-1F1888168240}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SightSpeed (remove only) --> "C:\Program Files\SightSpeed\uninst.exe"
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
TablePCRT --> MsiExec.exe /X{C46A5F24-B91F-477C-B634-DB99A7D7792A}
TuneUp Utilities 2006 --> MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
Typograf4.8f --> C:\Program Files\Font Managers\Typograf\Uninstal.exe "C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Typograf"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xingtone Ringtone Maker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{625304B0-2976-473B-AD81-5CA376093F03}\setup.exe" -l0x9 -removeonly


-- Application Event Log -------------------------------------------------------

Event Record #/Type6612 / Error
Event Submitted/Written: 08/09/2008 03:16:35 PM
Event ID/Source: 11304 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- Error 1304.Error writing to file C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP8\Bases\neurald.avz. Verify that you have access to that folder.

Event Record #/Type6610 / Error
Event Submitted/Written: 08/09/2008 03:09:00 PM
Event ID/Source: 11304 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- Error 1304.Error writing to file C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP8\Bases\neurald.avz. Verify that you have access to that folder.

Event Record #/Type6609 / Error
Event Submitted/Written: 08/09/2008 03:08:59 PM
Event ID/Source: 11304 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- Error 1304.Error writing to file C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP8\Bases\neurald.avz. Verify that you have access to that folder.

Event Record #/Type6601 / Error
Event Submitted/Written: 08/09/2008 03:00:14 PM
Event ID/Source: 1013 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- You must restart your computer before proceeding with the installation.

Event Record #/Type6599 / Error
Event Submitted/Written: 08/09/2008 02:57:44 PM
Event ID/Source: 11304 / MsiInstaller
Event Description:
Product: Kaspersky Internet Security 2009 -- Error 1304.Error writing to file C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab\AVP8\Bases\neurald.avz. Verify that you have access to that folder.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11499 / Error
Event Submitted/Written: 08/11/2008 11:15:23 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type11482 / Error
Event Submitted/Written: 08/11/2008 11:11:23 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
i8042prt

Event Record #/Type11480 / Error
Event Submitted/Written: 08/11/2008 11:11:23 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type11476 / Error
Event Submitted/Written: 08/09/2008 04:29:19 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type11475 / Error
Event Submitted/Written: 08/09/2008 04:21:55 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460



-- End of Deckard's System Scanner: finished at 2008-08-11 11:38:06 ------------

#24
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,
Please delete your current version of ComboFix.exe, and please delete these folders.
C:\qoobox
C:\ComboFix

Please make sure you have your flash card in your computer before running this scan.



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:


  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

Edited by Jimmy2012, 12 August 2008 - 04:02 PM.


#25
toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy!!
Did what you asked... :) here are the logs:

ComboFix 08-08-12.01 - Thelma 2008-08-12 20:33:36.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.150 [GMT -5:00]
Running from: C:\Documents and Settings\Thelma\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\blcwfejh.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SROSA
-------\Service_srosa


((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
.

2008-08-11 11:33 . 2008-08-11 11:33 <DIR> d-------- C:\Deckard
2008-08-09 15:50 . 2008-08-09 16:10 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-08-09 15:50 . 2008-08-09 15:50 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-08-09 15:49 . 2008-08-09 15:49 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-08-09 15:49 . 2008-08-12 20:27 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-08-09 15:49 . 2008-08-12 20:36 2,060,832 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-09 15:49 . 2008-08-12 20:36 426,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-09 15:49 . 2008-08-12 20:36 17,180 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-09 15:49 . 2008-08-12 20:36 2,536 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-09 14:18 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-09 13:49 . 2008-08-09 14:18 <DIR> d-------- C:\Program Files\Java
2008-08-09 13:49 . 2008-08-09 13:49 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-09 13:44 . 2008-08-09 13:44 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-09 13:23 . 2008-08-09 13:23 <DIR> d-------- C:\Program Files\NOS
2008-08-09 13:23 . 2008-08-09 13:23 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS
2008-08-07 21:01 . 2008-08-07 21:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 21:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 21:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 16:21 . 2008-08-06 16:21 <DIR> d-------- C:\fsaua.data
2008-08-04 12:27 . 2008-08-11 11:36 <DIR> d-------- C:\HJT
2008-08-03 10:42 . 2008-08-05 17:11 <DIR> d-------- C:\Program Files\Asistente Prodigy
2008-08-03 10:28 . 2005-02-24 13:16 929,792 -ra------ C:\WINDOWS\system32\PRISME5.dll
2008-08-03 10:28 . 2005-02-24 13:16 15,781 -ra------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2008-08-03 10:27 . 2008-08-03 10:28 <DIR> d-------- C:\Program Files\Prodigy Infinitum
2008-08-02 12:10 . 2008-08-03 08:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-02 11:33 . 2008-08-02 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\Thelma\Application Data\Malwarebytes
2008-08-02 01:25 . 2008-08-02 01:25 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-08-02 01:05 . 2006-10-17 12:04 68,672 -ra------ C:\WINDOWS\system32\drivers\2WirePCP.sys
2008-08-01 15:34 . 2008-08-02 15:52 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-07-29 20:21 . 2008-07-29 20:21 218,376 --a------ C:\WINDOWS\system32\klogon.dll
2008-07-29 20:20 . 2008-07-29 20:20 24,774 --a------ C:\WINDOWS\system32\drivers\klopp.dat
2008-07-21 18:34 . 2008-07-21 18:34 121,872 --a------ C:\WINDOWS\system32\drivers\kl1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-12 06:30 --------- d-----w C:\Program Files\BrainsBreaker
2008-08-09 19:33 --------- d-----w C:\Program Files\PrintMaster Platinum 17
2008-08-09 18:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-03 15:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-02 00:08 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-01 23:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-08-01 19:20 --------- d-----w C:\Documents and Settings\Thelma\Application Data\U3
2008-08-01 07:09 --------- d-----w C:\Program Files\palmOne
2008-07-23 20:38 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-06-30 02:29 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Viewer MX
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 01:02 --------- d-----w C:\Documents and Settings\Thelma\Application Data\Costco Photo Organizer
2008-06-16 22:51 --------- d-----w C:\Program Files\MSN Messenger
2008-06-16 22:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 20:07 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-08-10 14:10 221184]
"DMXLauncher"="C:\Program Files\Roxio\Media Experience\DMXLauncher.exe" [2006-08-14 03:07 102400]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 11:00 1116920]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-05-06 14:58 172032]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 20:20 206088]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 12:23 15961088 C:\WINDOWS\RTHDCPL.EXE]

C:\Documents and Settings\Thelma\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 21:16:50 113664]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\PrintMaster Platinum 17\Remind.exe [2006-02-22 13:45:54 344064]
HP LaserJet 3150 Status.lnk - C:\jetsuite\JETSTAT.EXE [2007-08-18 13:53:51 147456]
Inicio r pido de Adobe Acrobat.lnk - C:\WINDOWS\Installer\{AC76BA86-1040-7D00-7760-000000000003}\_SC_Acrobat.exe [2007-09-28 19:31:30 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-01 22:06]
R1 jsmux;jsmux;C:\WINDOWS\system32\drivers\jsmux.sys [1999-09-22 13:48]
R1 jsscan;jsscan;C:\WINDOWS\system32\drivers\jsscan.sys [1999-09-22 13:48]
R2 jsfax;jsfax;C:\WINDOWS\system32\drivers\jsfax.sys [1999-09-22 13:48]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 18:06]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-06-26 10:24]
S4 jsdbg;jsdbg;C:\WINDOWS\system32\drivers\jsdbg.sys [1999-09-22 13:48]
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 00:35]
.
- - - - ORPHANS REMOVED - - - -

BHO-{F3D97CD4-779B-47F3-BAAF-3248FE65822F} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKCU-Main,Start Page = hxxp://www.t1msn.com.mx/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: Anexar a PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir a Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir destino de vínculo a PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir destino de vínculo en archivo Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir selección a Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convertir selección a archivo PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convertir vínculos seleccionados a Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convertir vínculos seleccionados a PDF existente - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 -: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-12 20:39:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\jetsuite\JSDAEMON.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\jetsuite\jsfman.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Completion time: 2008-08-12 20:49:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-13 01:49:20

Pre-Run: 33,768,878,080 bytes free
Post-Run: 33,661,079,552 bytes free

184 --- E O F --- 2008-07-25 16:03:18


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:52:08 p.m., on 12/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\jetsuite\jsdaemon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\jetsuite\JETSTAT.EXE
c:\jetsuite\JSFMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\HJT\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t1msn.com.mx/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - S-1-5-18 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\PrintMaster Platinum 17\Remind.exe
O4 - Global Startup: HP LaserJet 3150 Status.lnk = C:\jetsuite\JETSTAT.EXE
O4 - Global Startup: Inicio rápido de Adobe Acrobat.lnk = ?
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir destino de vínculo a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir destino de vínculo en archivo Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir selección a archivo PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir vínculos seleccionados a Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir vínculos seleccionados a PDF existente - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: ImTranslator - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O9 - Extra 'Tools' menuitem: ImTranslator - {AE436396-55E7-4ec4-AD6D-45E88A530A4C} - C:\PROGRA~1\SMARTL~1\IMTRAN~1\startup.html (HKCU)
O15 - Trusted Zone: http://cards.123greetings.com
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://download.macromedia.com
O15 - Trusted Zone: http://fpdownload.macromedia.com
O15 - Trusted Zone: http://www.macromedia.com
O15 - Trusted Zone: http://zone.msn.com
O15 - Trusted Zone: http://sdc.shockwave.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebo...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: jsdaemon - JetFax, Inc. - c:\jetsuite\jsdaemon.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

--
End of file - 11402 bytes


#26
Jimmy2012


    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,

Please make sure you have your flash card in your computer before you start this scan. Please do not run any files on your flash card; chances are one of those files is infected, and if you run it you will get reinfected.


Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
~~~~~~~~~
In your next reply please have these logs/info.
The Kaspersky log
And please tell me how your computer is running

#27
toyma


    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Dear Jimmy,

For some reason, it won't let me run the online scanner. I tried disabling the AV, shutting it off, and every single time, when I got to the updating databases stage, it rebooted on its own. I ran a full scan with Kaspersky, and here is the report. Hope it works.
Otherwise, the PC seems fine, no slowdowns or incidents to report.
If by any chance I leave the flash card on, then it won't reboot; I get a black screen with a flashing horizontal cursor. If I take it off and plug it in afterwards, there is no problem.

I will be waiting for your comments... as always!!

Date: Today (events: 3939)
13/08/2008 12:21:01 a.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 12:26:02 a.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 12:41:58 a.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 12:43:28 a.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 01:00:23 a.m. Update Task started Kaspersky Internet Security Update
13/08/2008 01:00:23 a.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 01:00:59 a.m. Update Task completed Kaspersky Internet Security Update
13/08/2008 01:00:59 a.m. System Security Kaspersky Internet Security Process exit C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 01:20:32 a.m. System Security BrainsBreaker jigsaw puzzle Process exit C:\Program Files\BRAINSBREAKER\BBRK4.EXE
13/08/2008 01:20:38 a.m. System Security Windows Logon UI Process start C:\WINDOWS\system32\logonui.exe
13/08/2008 01:20:40 a.m. System Security Realtek HD Audio Control Panel Process exit C:\WINDOWS\RTHDCPL.EXE
13/08/2008 01:20:40 a.m. System Security RoxMMTrayApp Module Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCHTRAY9.EXE
13/08/2008 01:20:41 a.m. System Security DMXLAUNCHER.EXE Process exit C:\Program Files\ROXIO\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
13/08/2008 01:20:41 a.m. System Security ROXHelpRunner Module Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\CPSHELPRUNNER.EXE
13/08/2008 01:20:41 a.m. System Security Drag To Disc Application Process exit C:\Program Files\ROXIO\DRAG-TO-DISC\DRGTODSC.EXE
13/08/2008 01:20:42 a.m. System Security HPZTSB10.EXE Process exit C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE
13/08/2008 01:20:42 a.m. System Security AcroTray Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
13/08/2008 01:20:42 a.m. System Security IType.exe Process exit C:\Program Files\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
13/08/2008 01:20:42 a.m. System Security IPoint.exe Process exit C:\Program Files\MICROSOFT INTELLIPOINT\IPOINT.EXE
13/08/2008 01:20:42 a.m. System Security Java™ Platform SE binary Process exit C:\Program Files\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
13/08/2008 01:20:43 a.m. System Security Windows Live Messenger Process exit C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
13/08/2008 01:20:43 a.m. System Security JetStat Application Process exit C:\JETSUITE\JETSTAT.EXE
13/08/2008 01:20:44 a.m. System Security FaxMan32 Application Process exit C:\JETSUITE\JSFMAN.EXE
13/08/2008 01:20:44 a.m. System Security Windows Security Center Notification App Process exit C:\WINDOWS\system32\wscntfy.exe
13/08/2008 01:20:44 a.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 01:20:44 a.m. System Security Windows Security Center Notification App Process exit C:\WINDOWS\system32\wscntfy.exe
13/08/2008 01:20:45 a.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 01:20:45 a.m. System Security CTF Loader Process exit C:\WINDOWS\system32\CTFMON.EXE
13/08/2008 01:20:46 a.m. System Security Windows Explorer Process exit C:\WINDOWS\EXPLORER.EXE
13/08/2008 01:21:00 a.m. System Security Activation Licensing Service Process exit C:\Program Files\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
13/08/2008 01:02:59 p.m. System Security System Process start System
13/08/2008 01:02:59 p.m. System Security Windows NT Session Manager Process start C:\WINDOWS\system32\SMSS.EXE
13/08/2008 01:02:59 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 01:02:59 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 01:02:59 p.m. System Security Windows NT Logon Application Process start C:\WINDOWS\system32\WINLOGON.EXE
13/08/2008 01:02:59 p.m. System Security Services and Controller app Process start C:\WINDOWS\system32\SERVICES.EXE
13/08/2008 01:02:59 p.m. Protection Protection is disabled Kaspersky Internet Security
13/08/2008 01:02:59 p.m. System Security LSA Shell (Export Version) Process start C:\WINDOWS\system32\LSASS.EXE
13/08/2008 01:02:59 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 01:02:59 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 01:02:59 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 01:02:59 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 01:02:59 p.m. System Security Spooler SubSystem App Process start C:\WINDOWS\system32\SPOOLSV.EXE
13/08/2008 01:02:59 p.m. System Security Windows Explorer Process start C:\WINDOWS\EXPLORER.EXE
13/08/2008 01:02:59 p.m. System Security Realtek HD Audio Control Panel Process start C:\WINDOWS\RTHDCPL.EXE
13/08/2008 01:02:59 p.m. System Security RoxMMTrayApp Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCHTRAY9.EXE
13/08/2008 01:02:59 p.m. System Security DMXLAUNCHER.EXE Process start C:\Program Files\ROXIO\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
13/08/2008 01:02:59 p.m. System Security Drag To Disc Application Process start C:\Program Files\ROXIO\DRAG-TO-DISC\DRGTODSC.EXE
13/08/2008 01:02:59 p.m. System Security HPZTSB10.EXE Process start C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE
13/08/2008 01:02:59 p.m. System Security AcroTray Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
13/08/2008 01:02:59 p.m. System Security IType.exe Process start C:\Program Files\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
13/08/2008 01:02:59 p.m. System Security IPoint.exe Process start C:\Program Files\MICROSOFT INTELLIPOINT\IPOINT.EXE
13/08/2008 01:02:59 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 01:02:59 p.m. System Security Java™ Platform SE binary Process start C:\Program Files\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
13/08/2008 01:02:59 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 01:02:59 p.m. System Security ATI Smart Process start C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 01:02:59 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 01:02:59 p.m. System Security CTF Loader Process start C:\WINDOWS\system32\CTFMON.EXE
13/08/2008 01:02:59 p.m. System Security Windows Live Messenger Process start C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
13/08/2008 01:02:59 p.m. System Security JetFax NT MFP Daemon Service Process start C:\JETSUITE\JSDAEMON.EXE
13/08/2008 01:02:59 p.m. System Security Roxio UPnP Service 9 Process start C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 01:02:59 p.m. System Security JetStat Application Process start C:\JETSUITE\JETSTAT.EXE
13/08/2008 01:02:59 p.m. System Security Roxio LiveShare Service Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 01:02:59 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 01:02:59 p.m. System Security RoxSniffer9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCH9.EXE
13/08/2008 01:02:59 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 01:02:59 p.m. System Security FaxMan32 Application Process start C:\JETSUITE\JSFMAN.EXE
13/08/2008 01:02:59 p.m. System Security Windows User Mode Driver Manager Process start C:\WINDOWS\system32\WDFMGR.EXE
13/08/2008 01:03:01 p.m. System Security ATI Smart Process exit C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 01:03:01 p.m. System Security Roxio UPnP Service 9 Process exit C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 01:03:01 p.m. System Security Activation Licensing Service Process start C:\Program Files\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
13/08/2008 01:03:01 p.m. System Security Roxio LiveShare Service Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 01:03:02 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 01:03:05 p.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 01:03:05 p.m. System Security RoxMediaDB9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXMEDIADB9.EXE
13/08/2008 01:03:10 p.m. System Security Application Layer Gateway Service Process start C:\WINDOWS\system32\alg.exe
13/08/2008 01:03:11 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:03:17 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 01:03:19 p.m. System Security CorelDRAW® Process start C:\Program Files\COREL\COREL GRAPHICS 12\PROGRAMS\CORELDRW.EXE
13/08/2008 01:03:21 p.m. System Security Acrobat Distiller Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 01:03:23 p.m. System Security ROXHelpRunner Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\CPSHELPRUNNER.EXE
13/08/2008 01:03:30 p.m. Update Task started Kaspersky Internet Security Update
13/08/2008 01:03:30 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 01:03:34 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 01:03:50 p.m. System Security InstallShield Update Service Agent Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
13/08/2008 01:04:23 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:04:25 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:04:29 p.m. System Security Acrobat Distiller Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 01:04:36 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 01:04:52 p.m. System Security InstallShield Update Service Agent Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
13/08/2008 01:04:58 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:04:58 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:04:59 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:04:59 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:05:11 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:05:11 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:05:11 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:05:13 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:05:38 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:05:38 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:05:51 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 01:06:22 p.m. License Invalid key Kaspersky Internet Security
13/08/2008 01:06:39 p.m. Update Task completed Kaspersky Internet Security Update
13/08/2008 01:06:41 p.m. System Security Kaspersky Internet Security Process exit C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 01:07:38 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 01:07:48 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 01:08:54 p.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 01:15:38 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:43:22 p.m. System Security Run a DLL as an App Process start C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 01:43:25 p.m. System Security Run a DLL as an App Process exit C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 01:53:45 p.m. System Security Windows TaskManager Process start C:\WINDOWS\system32\taskmgr.exe
13/08/2008 01:53:50 p.m. System Security Windows Error Reporting Dump Reporting Tool Process start C:\WINDOWS\system32\dumprep.exe
13/08/2008 01:53:59 p.m. System Security CorelDRAW® Process exit C:\Program Files\COREL\COREL GRAPHICS 12\PROGRAMS\CORELDRW.EXE
13/08/2008 01:54:00 p.m. System Security Microsoft Application Error Reporting Process start C:\WINDOWS\system32\dwwin.exe
13/08/2008 01:54:02 p.m. System Security Microsoft Application Error Reporting Process exit C:\WINDOWS\system32\dwwin.exe
13/08/2008 01:54:02 p.m. System Security Windows Error Reporting Dump Reporting Tool Process exit C:\WINDOWS\system32\dumprep.exe
13/08/2008 01:54:03 p.m. System Security Windows TaskManager Process exit C:\WINDOWS\system32\taskmgr.exe
13/08/2008 01:54:12 p.m. System Security CorelDRAW® Process start C:\Program Files\COREL\COREL GRAPHICS 12\PROGRAMS\CORELDRW.EXE
13/08/2008 01:54:17 p.m. System Security InstallShield Update Service Agent Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
13/08/2008 01:54:19 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:54:21 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:54:21 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:54:22 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:54:22 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:54:22 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:54:22 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:54:23 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 01:54:23 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 01:54:43 p.m. System Security InstallShield Update Service Agent Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
13/08/2008 02:04:23 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 02:09:11 p.m. System Security Corel PHOTO-PAINT® Process start C:\Program Files\COREL\COREL GRAPHICS 12\PROGRAMS\CORELPP.EXE
13/08/2008 02:09:12 p.m. System Security InstallShield Update Service Agent Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
13/08/2008 02:09:21 p.m. System Security Corel PHOTO-PAINT® Process exit C:\Program Files\COREL\COREL GRAPHICS 12\PROGRAMS\CORELPP.EXE
13/08/2008 02:09:42 p.m. System Security InstallShield Update Service Agent Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\AGENT.EXE
13/08/2008 02:50:29 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 02:55:30 p.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 03:00:53 p.m. System Security CorelDRAW® Process exit C:\Program Files\COREL\COREL GRAPHICS 12\PROGRAMS\CORELDRW.EXE
13/08/2008 03:01:17 p.m. System Security Internet Explorer Process start C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
13/08/2008 03:01:23 p.m. System Security WLLoginProxy.exe Process start C:\Program Files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
13/08/2008 03:07:17 p.m. System Security Internet Explorer Process exit C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
13/08/2008 03:07:23 p.m. System Security WLLoginProxy.exe Process exit C:\Program Files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
13/08/2008 03:23:38 p.m. Update Task started Kaspersky Internet Security Update
13/08/2008 03:23:38 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 03:25:05 p.m. Update Task completed Kaspersky Internet Security Update
13/08/2008 03:25:06 p.m. System Security Kaspersky Internet Security Process exit C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 03:59:45 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 04:04:48 p.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 04:31:00 p.m. System Security BrainsBreaker jigsaw puzzle Process start C:\Program Files\BRAINSBREAKER\BBRK4.EXE
13/08/2008 04:32:26 p.m. System Security BrainsBreaker jigsaw puzzle Process exit C:\Program Files\BRAINSBREAKER\BBRK4.EXE
13/08/2008 04:36:25 p.m. System Security Internet Explorer Process start C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
13/08/2008 04:36:30 p.m. System Security WLLoginProxy.exe Process start C:\Program Files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
13/08/2008 04:37:50 p.m. System Security Run a DLL as an App Process start C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 04:37:50 p.m. System Security Run a DLL as an App Process exit C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 04:37:55 p.m. System Security Run a DLL as an App Process start C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 04:37:55 p.m. System Security Run a DLL as an App Process exit C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 04:38:01 p.m. System Security Run a DLL as an App Process start C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 04:38:01 p.m. System Security Run a DLL as an App Process exit C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 06:23:53 p.m. System Security System Process start System
13/08/2008 06:23:53 p.m. System Security Windows NT Session Manager Process start C:\WINDOWS\system32\SMSS.EXE
13/08/2008 06:23:53 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 06:23:53 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 06:23:53 p.m. System Security Windows NT Logon Application Process start C:\WINDOWS\system32\WINLOGON.EXE
13/08/2008 06:23:53 p.m. System Security Services and Controller app Process start C:\WINDOWS\system32\SERVICES.EXE
13/08/2008 06:23:53 p.m. Protection Protection is disabled Kaspersky Internet Security
13/08/2008 06:23:54 p.m. System Security Windows NT Save Dump Utility Process start C:\WINDOWS\system32\savedump.exe
13/08/2008 06:23:54 p.m. System Security LSA Shell (Export Version) Process start C:\WINDOWS\system32\LSASS.EXE
13/08/2008 06:23:54 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 06:23:54 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 06:23:54 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 06:23:54 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 06:23:54 p.m. System Security Spooler SubSystem App Process start C:\WINDOWS\system32\SPOOLSV.EXE
13/08/2008 06:23:54 p.m. System Security Windows Explorer Process start C:\WINDOWS\EXPLORER.EXE
13/08/2008 06:23:54 p.m. System Security Realtek HD Audio Control Panel Process start C:\WINDOWS\RTHDCPL.EXE
13/08/2008 06:23:54 p.m. System Security RoxMMTrayApp Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCHTRAY9.EXE
13/08/2008 06:23:54 p.m. System Security DMXLAUNCHER.EXE Process start C:\Program Files\ROXIO\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
13/08/2008 06:23:54 p.m. System Security Drag To Disc Application Process start C:\Program Files\ROXIO\DRAG-TO-DISC\DRGTODSC.EXE
13/08/2008 06:23:54 p.m. System Security HPZTSB10.EXE Process start C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE
13/08/2008 06:23:54 p.m. System Security AcroTray Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
13/08/2008 06:23:54 p.m. System Security IType.exe Process start C:\Program Files\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
13/08/2008 06:23:54 p.m. System Security IPoint.exe Process start C:\Program Files\MICROSOFT INTELLIPOINT\IPOINT.EXE
13/08/2008 06:23:54 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 06:23:55 p.m. System Security Java™ Platform SE binary Process start C:\Program Files\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
13/08/2008 06:23:55 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 06:23:55 p.m. System Security ATI Smart Process start C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 06:23:55 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 06:23:55 p.m. System Security Activation Licensing Service Process start C:\Program Files\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
13/08/2008 06:23:55 p.m. System Security CTF Loader Process start C:\WINDOWS\system32\CTFMON.EXE
13/08/2008 06:23:55 p.m. System Security JetFax NT MFP Daemon Service Process start C:\JETSUITE\JSDAEMON.EXE
13/08/2008 06:23:55 p.m. System Security Roxio UPnP Service 9 Process start C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 06:23:55 p.m. System Security Roxio LiveShare Service Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 06:23:55 p.m. System Security Windows Live Messenger Process start C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
13/08/2008 06:23:55 p.m. System Security RoxSniffer9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCH9.EXE
13/08/2008 06:23:55 p.m. System Security JetStat Application Process start C:\JETSUITE\JETSTAT.EXE
13/08/2008 06:23:55 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 06:23:55 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 06:23:55 p.m. System Security Roxio LiveShare Service Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 06:23:55 p.m. System Security Windows User Mode Driver Manager Process start C:\WINDOWS\system32\WDFMGR.EXE
13/08/2008 06:23:56 p.m. System Security FaxMan32 Application Process start C:\JETSUITE\JSFMAN.EXE
13/08/2008 06:23:56 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 06:23:57 p.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 06:23:59 p.m. System Security RoxMediaDB9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXMEDIADB9.EXE
13/08/2008 06:24:02 p.m. System Security Application Layer Gateway Service Process start C:\WINDOWS\system32\alg.exe
13/08/2008 06:24:06 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 06:24:10 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 06:24:12 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 06:24:13 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 06:24:13 p.m. System Security Acrobat Distiller Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 06:24:30 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 06:24:49 p.m. System Security Acrobat Distiller Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 06:24:51 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 06:25:04 p.m. Update Task started Kaspersky Internet Security Update
13/08/2008 06:25:04 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 06:25:54 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 06:26:38 p.m. Update Task completed Kaspersky Internet Security Update
13/08/2008 06:26:39 p.m. System Security Kaspersky Internet Security Process exit C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 06:28:24 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 06:28:26 p.m. System Security Windows NT Save Dump Utility Process exit C:\WINDOWS\system32\savedump.exe
13/08/2008 06:28:37 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 06:29:34 p.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:03:36 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 07:03:37 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:03:40 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:03:45 p.m. System Security ROXHelpRunner Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\CPSHELPRUNNER.EXE
13/08/2008 07:03:45 p.m. System Security Internet Explorer Process start C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
13/08/2008 07:03:51 p.m. System Security WLLoginProxy.exe Process start C:\Program Files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
13/08/2008 07:05:10 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:07:01 p.m. System Security System Process start System
13/08/2008 07:07:01 p.m. System Security Windows NT Save Dump Utility Process start C:\WINDOWS\system32\savedump.exe
13/08/2008 07:07:01 p.m. System Security Windows NT Session Manager Process start C:\WINDOWS\system32\SMSS.EXE
13/08/2008 07:07:01 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 07:07:01 p.m. System Security Windows NT Logon Application Process start C:\WINDOWS\system32\WINLOGON.EXE
13/08/2008 07:07:01 p.m. System Security Services and Controller app Process start C:\WINDOWS\system32\SERVICES.EXE
13/08/2008 07:07:01 p.m. System Security Windows NT Save Dump Utility Process start C:\WINDOWS\system32\savedump.exe
13/08/2008 07:07:01 p.m. System Security LSA Shell (Export Version) Process start C:\WINDOWS\system32\LSASS.EXE
13/08/2008 07:07:01 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:07:01 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:07:01 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:07:01 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:07:01 p.m. System Security Spooler SubSystem App Process start C:\WINDOWS\system32\SPOOLSV.EXE
13/08/2008 07:07:01 p.m. System Security Windows Explorer Process start C:\WINDOWS\EXPLORER.EXE
13/08/2008 07:07:01 p.m. System Security ATI Smart Process start C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 07:07:01 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 07:07:01 p.m. System Security Realtek HD Audio Control Panel Process start C:\WINDOWS\RTHDCPL.EXE
13/08/2008 07:07:01 p.m. System Security RoxMMTrayApp Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCHTRAY9.EXE
13/08/2008 07:07:01 p.m. System Security DMXLAUNCHER.EXE Process start C:\Program Files\ROXIO\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
13/08/2008 07:07:01 p.m. System Security Drag To Disc Application Process start C:\Program Files\ROXIO\DRAG-TO-DISC\DRGTODSC.EXE
13/08/2008 07:07:01 p.m. System Security JetFax NT MFP Daemon Service Process start C:\JETSUITE\JSDAEMON.EXE
13/08/2008 07:07:01 p.m. Protection Protection is disabled Kaspersky Internet Security
13/08/2008 07:07:01 p.m. System Security HPZTSB10.EXE Process start C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE
13/08/2008 07:07:01 p.m. System Security Roxio UPnP Service 9 Process start C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 07:07:01 p.m. System Security Roxio LiveShare Service Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 07:07:01 p.m. System Security AcroTray Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
13/08/2008 07:07:01 p.m. System Security IType.exe Process start C:\Program Files\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
13/08/2008 07:07:01 p.m. System Security IPoint.exe Process start C:\Program Files\MICROSOFT INTELLIPOINT\IPOINT.EXE
13/08/2008 07:07:01 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 07:07:01 p.m. System Security RoxSniffer9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCH9.EXE
13/08/2008 07:07:01 p.m. System Security Java™ Platform SE binary Process start C:\Program Files\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
13/08/2008 07:07:01 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 07:07:01 p.m. System Security CTF Loader Process start C:\WINDOWS\system32\CTFMON.EXE
13/08/2008 07:07:01 p.m. System Security Windows Error Reporting Dump Reporting Tool Process start C:\WINDOWS\system32\dumprep.exe
13/08/2008 07:07:01 p.m. System Security Windows Live Messenger Process start C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
13/08/2008 07:07:02 p.m. System Security Microsoft Application Error Reporting Process start C:\WINDOWS\system32\dwwin.exe
13/08/2008 07:07:03 p.m. System Security JetStat Application Process start C:\JETSUITE\JETSTAT.EXE
13/08/2008 07:07:03 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:07:03 p.m. System Security Windows User Mode Driver Manager Process start C:\WINDOWS\system32\WDFMGR.EXE
13/08/2008 07:07:03 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 07:07:03 p.m. System Security FaxMan32 Application Process start C:\JETSUITE\JSFMAN.EXE
13/08/2008 07:07:04 p.m. System Security ATI Smart Process exit C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 07:07:04 p.m. System Security Roxio UPnP Service 9 Process exit C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 07:07:04 p.m. System Security Roxio LiveShare Service Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 07:07:04 p.m. System Security Activation Licensing Service Process start C:\Program Files\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
13/08/2008 07:07:06 p.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 07:07:06 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:07:12 p.m. System Security RoxMediaDB9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXMEDIADB9.EXE
13/08/2008 07:07:15 p.m. System Security Application Layer Gateway Service Process start C:\WINDOWS\system32\alg.exe
13/08/2008 07:07:17 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:07:22 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:07:25 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:07:26 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 07:07:27 p.m. System Security Acrobat Distiller Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 07:07:41 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:08:17 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:08:31 p.m. System Security Acrobat Distiller Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 07:09:06 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:11:07 p.m. System Security Microsoft Application Error Reporting Process exit C:\WINDOWS\system32\dwwin.exe
13/08/2008 07:11:10 p.m. System Security Microsoft Application Error Reporting Process start C:\WINDOWS\system32\dwwin.exe
13/08/2008 07:11:13 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 07:11:13 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:11:13 p.m. System Security Microsoft Application Error Reporting Process exit C:\WINDOWS\system32\dwwin.exe
13/08/2008 07:11:14 p.m. System Security Windows Error Reporting Dump Reporting Tool Process exit C:\WINDOWS\system32\dumprep.exe
13/08/2008 07:11:15 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:11:18 p.m. System Security ROXHelpRunner Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\CPSHELPRUNNER.EXE
13/08/2008 07:11:18 p.m. System Security Internet Explorer Process start C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
13/08/2008 07:11:24 p.m. System Security WLLoginProxy.exe Process start C:\Program Files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
13/08/2008 07:11:27 p.m. System Security Windows NT Save Dump Utility Process exit C:\WINDOWS\system32\savedump.exe
13/08/2008 07:11:41 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 07:11:50 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 07:12:45 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:14:28 p.m. System Security System Process start System
13/08/2008 07:14:28 p.m. System Security Windows NT Session Manager Process start C:\WINDOWS\system32\SMSS.EXE
13/08/2008 07:14:28 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 07:14:28 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 07:14:28 p.m. System Security Windows NT Logon Application Process start C:\WINDOWS\system32\WINLOGON.EXE
13/08/2008 07:14:28 p.m. System Security Services and Controller app Process start C:\WINDOWS\system32\SERVICES.EXE
13/08/2008 07:14:28 p.m. Protection Protection is disabled Kaspersky Internet Security
13/08/2008 07:14:28 p.m. System Security Windows NT Save Dump Utility Process start C:\WINDOWS\system32\savedump.exe
13/08/2008 07:14:28 p.m. System Security LSA Shell (Export Version) Process start C:\WINDOWS\system32\LSASS.EXE
13/08/2008 07:14:28 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:14:28 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:14:28 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:14:28 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:14:28 p.m. System Security Spooler SubSystem App Process start C:\WINDOWS\system32\SPOOLSV.EXE
13/08/2008 07:14:28 p.m. System Security Windows Explorer Process start C:\WINDOWS\EXPLORER.EXE
13/08/2008 07:14:28 p.m. System Security Realtek HD Audio Control Panel Process start C:\WINDOWS\RTHDCPL.EXE
13/08/2008 07:14:28 p.m. System Security RoxMMTrayApp Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCHTRAY9.EXE
13/08/2008 07:14:28 p.m. System Security DMXLAUNCHER.EXE Process start C:\Program Files\ROXIO\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
13/08/2008 07:14:28 p.m. System Security Drag To Disc Application Process start C:\Program Files\ROXIO\DRAG-TO-DISC\DRGTODSC.EXE
13/08/2008 07:14:28 p.m. System Security HPZTSB10.EXE Process start C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE
13/08/2008 07:14:28 p.m. System Security AcroTray Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
13/08/2008 07:14:28 p.m. System Security IType.exe Process start C:\Program Files\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
13/08/2008 07:14:28 p.m. System Security IPoint.exe Process start C:\Program Files\MICROSOFT INTELLIPOINT\IPOINT.EXE
13/08/2008 07:14:28 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 07:14:28 p.m. System Security Java™ Platform SE binary Process start C:\Program Files\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
13/08/2008 07:14:28 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 07:14:28 p.m. System Security CTF Loader Process start C:\WINDOWS\system32\CTFMON.EXE
13/08/2008 07:14:28 p.m. System Security ATI Smart Process start C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 07:14:28 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 07:14:28 p.m. System Security Windows Live Messenger Process start C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
13/08/2008 07:14:28 p.m. System Security JetFax NT MFP Daemon Service Process start C:\JETSUITE\JSDAEMON.EXE
13/08/2008 07:14:28 p.m. System Security Roxio UPnP Service 9 Process start C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 07:14:28 p.m. System Security JetStat Application Process start C:\JETSUITE\JETSTAT.EXE
13/08/2008 07:14:28 p.m. System Security Roxio LiveShare Service Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 07:14:28 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 07:14:28 p.m. System Security RoxSniffer9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCH9.EXE
13/08/2008 07:14:28 p.m. System Security FaxMan32 Application Process start C:\JETSUITE\JSFMAN.EXE
13/08/2008 07:14:28 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:14:28 p.m. System Security Windows User Mode Driver Manager Process start C:\WINDOWS\system32\WDFMGR.EXE
13/08/2008 07:14:30 p.m. System Security Activation Licensing Service Process start C:\Program Files\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
13/08/2008 07:14:31 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:14:34 p.m. System Security ATI Smart Process exit C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 07:14:34 p.m. System Security Roxio UPnP Service 9 Process exit C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 07:14:35 p.m. System Security Roxio LiveShare Service Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 07:14:35 p.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 07:14:35 p.m. System Security RoxMediaDB9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXMEDIADB9.EXE
13/08/2008 07:14:39 p.m. System Security Application Layer Gateway Service Process start C:\WINDOWS\system32\alg.exe
13/08/2008 07:14:40 p.m. System Security Run a DLL as an App Process start C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 07:14:40 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:14:40 p.m. System Security Run a DLL as an App Process exit C:\WINDOWS\system32\RUNDLL32.EXE
13/08/2008 07:14:45 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:14:48 p.m. System Security Acrobat Distiller Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 07:14:49 p.m. System Security Windows® installer Process start C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:14:50 p.m. System Security InstallDriver Module Process start C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 07:15:08 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:15:23 p.m. System Security Acrobat Distiller Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 07:15:39 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:16:25 p.m. System Security Verify Class ID Process start C:\WINDOWS\system32\VERCLSID.EXE
13/08/2008 07:16:27 p.m. System Security InstallDriver Module Process exit C:\Program Files\COMMON FILES\INSTALLSHIELD\DRIVER\8\INTEL 32\IDRIVER.EXE
13/08/2008 07:16:27 p.m. System Security Windows® installer Process exit C:\WINDOWS\system32\MSIEXEC.EXE
13/08/2008 07:16:27 p.m. System Security Verify Class ID Process exit C:\WINDOWS\system32\VERCLSID.EXE
13/08/2008 07:16:28 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:16:31 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:16:34 p.m. System Security ROXHelpRunner Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\CPSHELPRUNNER.EXE
13/08/2008 07:18:00 p.m. System Security WMI Process exit C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:18:33 p.m. System Security Internet Explorer Process start C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE
13/08/2008 07:18:39 p.m. System Security WLLoginProxy.exe Process start C:\Program Files\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLLOGINPROXY.EXE
13/08/2008 07:19:01 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 07:19:05 p.m. System Security Windows NT Save Dump Utility Process exit C:\WINDOWS\system32\savedump.exe
13/08/2008 07:19:10 p.m. System Security Adobe Acrobat SpeedLauncher Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 07:20:19 p.m. System Security Windows Update Automatic Updates Process exit C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:22:45 p.m. System Security System Process start System
13/08/2008 07:22:45 p.m. System Security Windows NT Save Dump Utility Process start C:\WINDOWS\system32\savedump.exe
13/08/2008 07:22:45 p.m. System Security Windows NT Session Manager Process start C:\WINDOWS\system32\SMSS.EXE
13/08/2008 07:22:45 p.m. System Security Client Server Runtime Process Process start C:\WINDOWS\system32\CSRSS.EXE
13/08/2008 07:22:45 p.m. System Security Windows NT Logon Application Process start C:\WINDOWS\system32\WINLOGON.EXE
13/08/2008 07:22:45 p.m. System Security Services and Controller app Process start C:\WINDOWS\system32\SERVICES.EXE
13/08/2008 07:22:45 p.m. System Security Windows NT Save Dump Utility Process start C:\WINDOWS\system32\savedump.exe
13/08/2008 07:22:45 p.m. System Security LSA Shell (Export Version) Process start C:\WINDOWS\system32\LSASS.EXE
13/08/2008 07:22:45 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:22:45 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:22:45 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:22:45 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:22:45 p.m. System Security Spooler SubSystem App Process start C:\WINDOWS\system32\SPOOLSV.EXE
13/08/2008 07:22:45 p.m. System Security Windows Explorer Process start C:\WINDOWS\EXPLORER.EXE
13/08/2008 07:22:45 p.m. System Security Realtek HD Audio Control Panel Process start C:\WINDOWS\RTHDCPL.EXE
13/08/2008 07:22:45 p.m. System Security RoxMMTrayApp Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCHTRAY9.EXE
13/08/2008 07:22:45 p.m. Protection Protection is disabled Kaspersky Internet Security
13/08/2008 07:22:45 p.m. System Security DMXLAUNCHER.EXE Process start C:\Program Files\ROXIO\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
13/08/2008 07:22:45 p.m. System Security Drag To Disc Application Process start C:\Program Files\ROXIO\DRAG-TO-DISC\DRGTODSC.EXE
13/08/2008 07:22:45 p.m. System Security HPZTSB10.EXE Process start C:\WINDOWS\system32\SPOOL\DRIVERS\W32X86\3\HPZTSB10.EXE
13/08/2008 07:22:45 p.m. System Security AcroTray Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
13/08/2008 07:22:45 p.m. System Security IType.exe Process start C:\Program Files\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
13/08/2008 07:22:45 p.m. System Security IPoint.exe Process start C:\Program Files\MICROSOFT INTELLIPOINT\IPOINT.EXE
13/08/2008 07:22:45 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\READER 9.0\READER\READER_SL.EXE
13/08/2008 07:22:45 p.m. System Security Java™ Platform SE binary Process start C:\Program Files\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
13/08/2008 07:22:45 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 07:22:45 p.m. System Security ATI Smart Process start C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 07:22:45 p.m. System Security Kaspersky Internet Security Process start C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
13/08/2008 07:22:45 p.m. System Security CTF Loader Process start C:\WINDOWS\system32\CTFMON.EXE
13/08/2008 07:22:45 p.m. System Security JetFax NT MFP Daemon Service Process start C:\JETSUITE\JSDAEMON.EXE
13/08/2008 07:22:45 p.m. System Security Windows Live Messenger Process start C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
13/08/2008 07:22:45 p.m. System Security Roxio UPnP Service 9 Process start C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 07:22:45 p.m. System Security JetStat Application Process start C:\JETSUITE\JETSTAT.EXE
13/08/2008 07:22:45 p.m. System Security Roxio LiveShare Service Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 07:22:45 p.m. System Security Adobe Acrobat SpeedLauncher Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACROBAT_SL.EXE
13/08/2008 07:22:45 p.m. System Security RoxSniffer9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXWATCH9.EXE
13/08/2008 07:22:45 p.m. System Security FaxMan32 Application Process start C:\JETSUITE\JSFMAN.EXE
13/08/2008 07:22:45 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:22:45 p.m. System Security Windows User Mode Driver Manager Process start C:\WINDOWS\system32\WDFMGR.EXE
13/08/2008 07:22:45 p.m. System Security ATI Smart Process exit C:\WINDOWS\system32\ati2sgag.exe
13/08/2008 07:22:47 p.m. System Security Roxio LiveShare Service Process exit C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXLIVESHARE9.EXE
13/08/2008 07:22:47 p.m. System Security Roxio UPnP Service 9 Process exit C:\Program Files\COMMON FILES\SONIC SHARED\ROXIOUPNPSERVICE9.EXE
13/08/2008 07:22:47 p.m. System Security Activation Licensing Service Process start C:\Program Files\COMMON FILES\MACROVISION SHARED\FLEXNET PUBLISHER\FNPLICENSINGSERVICE.EXE
13/08/2008 07:22:48 p.m. System Security WMI Process start C:\WINDOWS\system32\WBEM\WMIPRVSE.EXE
13/08/2008 07:22:50 p.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 07:22:53 p.m. System Security RoxMediaDB9 Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\ROXMEDIADB9.EXE
13/08/2008 07:22:55 p.m. System Security Application Layer Gateway Service Process start C:\WINDOWS\system32\alg.exe
13/08/2008 07:23:00 p.m. System Security Generic Host Process for Win32 Services Process start C:\WINDOWS\system32\SVCHOST.EXE
13/08/2008 07:23:04 p.m. System Security Acrobat Distiller Process start C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 07:23:06 p.m. System Security ROXHelpRunner Module Process start C:\Program Files\COMMON FILES\ROXIO SHARED\9.0\SHAREDCOM\CPSHELPRUNNER.EXE
13/08/2008 07:23:10 p.m. Files and Memory Task started Kaspersky Internet Security Files and Memory
13/08/2008 07:23:10 p.m. Email and IM Task started Kaspersky Internet Security Email and IM
13/08/2008 07:23:10 p.m. Anti-Spam Task started Kaspersky Internet Security Anti-Spam
13/08/2008 07:23:10 p.m. Web Traffic Task started Kaspersky Internet Security Web Traffic
13/08/2008 07:23:10 p.m. Anti-Dialer Task started Kaspersky Internet Security Anti-Dialer
13/08/2008 07:23:11 p.m. Firewall Task started Kaspersky Internet Security Firewall
13/08/2008 07:23:11 p.m. Anti-Phishing Task started Kaspersky Internet Security Anti-Phishing
13/08/2008 07:23:11 p.m. Application Filtering Task started Kaspersky Internet Security Application Filtering
13/08/2008 07:23:11 p.m. Proactive Defense Task started Kaspersky Internet Security Proactive Defense
13/08/2008 07:23:11 p.m. Network Attack Blocker Task started Kaspersky Internet Security Network Attack Blocker
13/08/2008 07:23:13 p.m. System Security Windows Security Center Notification App Process exit C:\WINDOWS\system32\wscntfy.exe
13/08/2008 07:24:02 p.m. System Security Acrobat Distiller Process exit C:\Program Files\ADOBE\ACROBAT 8.0\ACROBAT\ACRODIST.EXE
13/08/2008 07:24:04 p.m. Application Filtering Windows NT Save Dump Utility Placed in group Unknown application Signed by the digital signature of entrusted manufacturers
13/08/2008 07:24:04 p.m. Application Filtering Windows Security Center Notification App Placed in group Unknown application Signed by the digital signature of entrusted manufacturers
13/08/2008 07:24:04 p.m. Application Filtering Windows Update Automatic Updates Placed in group Unknown application Signed by the digital signature of entrusted manufacturers
13/08/2008 07:24:04 p.m. System Security Windows Security Center Notification App Process start C:\WINDOWS\system32\wscntfy.exe
13/08/2008 07:24:04 p.m. System Security Windows Update Automatic Updates Process start C:\WINDOWS\system32\wuauclt.exe
13/08/2008 07:24:06 p.m. Application Filtering Application Layer Gateway Service Placed in
  • 0

#28
toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I hope in this report you can see it did find some incidents and for a while the bar on the program turned red, but when it finished it turned green again.
  • 0

#29
Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello toyma,

"and for a while the bar on the program turned red, but when it finished it turned green again."

Do you mean on Kaspersky?

For some reason, it won't let me run the online scanner.

OK, let's try another scanner and see if that will work.

Please make sure you have your flash card in your computer before running this scan.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

  • 0

#30
toyma

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi Jimmy,

No luck this time either. It downloaded the F-Secure program, and the moment it started scanning, it rebooted.

Now that it's back on, it gives me a message "The system has recovered from a serious error".
There is an option to see what this error contains:
Error signature:
BCCode : 100000d4 BCP1 : EE4FC938 BCP2 : 000000FF BCP3 : 00000001
BCP4 : 80545C29 OSVer : 5_1_2600 SP : 2_0 Product : 256_1

And it says the following files will be included in the report:
C:\DOCUME~1\Thelma\LOCALS~1\Temp\WERacf5.dir00\Mini081408-01.dmp
C:\DOCUME~1\Thelma\LOCALS~1\Temp\WERacf5.dir00\sysdata.xml

Do you have a clue as to what is going on??

:) :) :)
  • 0





