
Thread: Please help!

  1. #11
    Member (Join Date: Jan 2008, Posts: 41)

    It's running somewhat better, here is the new CF log:

    ComboFix 07-12-31.4 - Owner 2008-01-02 7:59:29.2 - NTFSx86
    Running from: C:\Documents and Settings\Owner\Desktop\Combo.exe
    Command switches used :: C:\Documents and Settings\Owner\Desktop\cfscript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
    .

    2008-01-01 21:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-01 18:33 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\SET161.tmp
    2007-12-31 19:34 . 2007-12-31 19:34 812,344 --a------ C:\HJTInstall.exe
    2007-12-31 19:33 . 2007-12-31 19:33 6,163 --a------ C:\downloadget.htm
    2007-12-31 19:15 . 2007-12-31 19:15 401,720 --a------ C:\HiJackThis.exe
    2007-12-31 18:37 . 2008-01-01 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-30 17:43 . 2006-07-04 04:35 159,872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys
    2007-12-30 17:43 . 2006-03-01 04:56 61,440 -ra------ C:\WINDOWS\system32\etVFW.dll
    2007-12-30 17:43 . 2006-02-19 21:19 36,864 --a------ C:\WINDOWS\system32\etProp.ax
    2007-12-30 17:43 . 2005-10-11 17:57 36,864 -ra------ C:\WINDOWS\etMon.exe
    2007-12-30 17:43 . 2005-05-25 18:56 28,672 -ra------ C:\WINDOWS\etRun.exe
    2007-12-30 17:43 . 2004-09-14 19:25 17,808 -ra------ C:\WINDOWS\system32\emYUV.dll
    2007-12-30 17:42 . 2005-10-20 18:11 94,720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys
    2007-12-30 17:42 . 2005-10-20 18:29 6,016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys
    2007-12-30 17:36 . 2007-12-31 20:30 16,384 --a------ C:\WINDOWS\system32\users32.dat
    2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\ETUSB2.0
    2007-12-30 17:24 . 2007-12-30 17:24 <DIR> d-------- C:\Program Files\eMPIA-ET
    2007-12-30 17:24 . 2005-07-01 19:01 393,306 --a------ C:\WINDOWS\etamcap.exe
    2007-12-30 17:24 . 2005-05-25 19:18 217,088 --a------ C:\WINDOWS\etSTI.exe
    2007-12-30 17:24 . 2005-06-10 16:07 208,896 --a------ C:\WINDOWS\etCap.exe
    2007-12-30 15:11 . 2007-12-30 15:20 <DIR> d-------- C:\Program Files\ScopePhoto
    2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sonic
    2007-12-29 13:53 . 2007-12-29 13:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
    2007-12-29 08:20 . 2007-12-29 08:20 <DIR> d-------- C:\Program Files\MSECache
    2007-12-28 08:01 . 2007-12-28 08:01 <DIR> d-------- C:\Program Files\ReflexiveArcade
    2007-12-15 12:27 . 2007-12-15 12:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-15 12:27 . 2007-12-15 12:27 1,409 --a------ C:\WINDOWS\QTFont.for

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-02 12:55 --------- d-----w C:\Program Files\LimeWire
    2008-01-02 12:51 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-02 12:39 --------- d-----w C:\Program Files\Sony Pictures Games
    2008-01-02 12:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-01-02 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-01-02 12:37 --------- d-----w C:\Program Files\DAPlus
    2008-01-02 12:37 --------- d-----w C:\Program Files\Common Files\AOL
    2008-01-02 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2008-01-02 02:44 --------- d-----w C:\Program Files\Spyware Doctor
    2008-01-02 02:33 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-01 01:30 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
    2008-01-01 01:30 118,784 ----a-w C:\WINDOWS\system32\igfxpers.exe
    2008-01-01 00:34 --------- d-----w C:\Program Files\Trend Micro
    2007-12-31 22:10 74,240 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-12-31 22:10 56,832 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-12-31 21:57 8,477 ----a-w C:\WINDOWS\system32\ksvcl.dll
    2007-12-31 21:57 26,120 ----a-w C:\WINDOWS\system32\kcopt.dll
    2007-12-31 18:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\Sony Corporation
    2007-12-30 22:46 --------- d-----w C:\Program Files\Java
    2007-12-30 22:38 --------- d-----w C:\Program Files\QuickTime
    2007-12-30 22:38 --------- d-----w C:\Program Files\iTunes
    2007-12-30 22:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2007-12-30 22:38 --------- d-----w C:\Program Files\Apoint
    2007-12-30 22:36 94,208 ----a-w C:\WINDOWS\system32\igfxtray.exe
    2007-12-30 22:36 77,824 ----a-w C:\WINDOWS\system32\hkcmd.exe
    2007-12-30 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-27 22:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
    2007-12-27 02:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
    2007-12-26 03:04 --------- d-----w C:\Program Files\Yahoo!
    2007-12-26 03:04 --------- d-----w C:\Program Files\1Club.FM
    2007-12-26 02:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
    2007-12-26 02:51 --------- d-----w C:\Program Files\BitTorrent
    2007-12-10 13:53 --------- d-----w C:\Program Files\AIM
    2007-12-07 05:25 47,760 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-02 18:37 --------- d-----w C:\Program Files\Google
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-08 02:20 --------- d-----w C:\Program Files\MySpace
    2007-11-08 02:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\MySpace
    2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 23:39 228,864 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-05-28 15:55 30,033,136 ----a-w C:\Documents and Settings\Owner\SymantecAV10.1.4.B4000.exe
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-01_21.54.35.12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-02 12:48:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8a4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
    2005-10-14 12:21 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 07:00 15360]
    "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-12-30 17:36 4670968]
    "BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-30 17:36 77824]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 23:08 28672]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2007-12-30 17:36 217088]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-12-30 17:36 32768]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-08 12:50 7561216]
    "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-12-30 17:36 176128]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-31 20:30 118784]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-12-30 17:36 136768]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-30 09:50 112216]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 15:56 64512]
    "VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-12-30 17:36 551032]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-12-30 17:36 124656]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-30 17:36 53408]
    "DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [2004-02-23 03:16 144896]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-30 17:36 256576]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-30 17:36 282624]
    "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2007-12-30 17:36 69632]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-12-31 13:10 132496]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-30 17:36 94208]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-12-30 17:36 118784]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2007-12-30 17:36 479232]
    "etMonitor"="C:\WINDOWS\etMon.exe" [2005-10-11 17:57 36864]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2008-01-01 18:19 1065800]
    "HostManager"="C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-30 17:36 8720384]


    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-06-03 21:52:53]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
    Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-09-06 23:13:06]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
    Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [2006-08-02 15:15:47]
    VPN Client.lnk - C:\WINDOWS\Installer\{8A3A2363-2129-43FB-8DFC-F237DA58038C}\Icon3E5562ED7.ico [2007-06-16 12:48:54]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [2006-08-02 15:15 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2006-03-09 16:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 19:26]
    R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 21:39]
    R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 21:32]
    S3 DCamUSBET;scopetek dcm130 usb2.0 device;C:\WINDOWS\system32\DRIVERS\etDevice.sys [2005-10-20 18:11]
    S3 FiltUSBET;dcm130 USB Device Lower Filter;C:\WINDOWS\system32\DRIVERS\etFilter.sys [2006-07-04 04:35]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 21:10]
    S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2002-06-28 20:21]
    S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2001-07-24 12:34]
    S3 ScanUSBET;dcm130 USB Still Image Capture Device;C:\WINDOWS\system32\DRIVERS\etScan.sys [2005-10-20 18:29]
    S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 19:23]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
    \Shell\AutoRun\command - E:\sony\Autorun.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 08:06:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-02 8:11:41
    C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 13:11:35
    C:\qoobox\ComboFix2.txt 2008-01-02 02:54:57
    .
    2007-12-31 22:36:05 --- E O F ---

  2. #12
    Member (Join Date: Jan 2008, Posts: 41)

    When the computer rebooted after the CF scan I got a "system has recovered from a serious error" message.

  3. #13
    Security Expert-Emeritus (Join Date: Oct 2006, Location: Manchester UK, Posts: 3,425)

    Originally posted by qwerty77:
        When the computer rebooted after the CF scan I got a "system has recovered from a serious error" message.

    Curious???

    There is no malware visible in the last log. What problems are you having now?
    Did you disable/remove one of the antivirus programs?

    Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.


    Kaspersky Online Scanner
    Your antivirus and/or antispyware may give a warning during the scan. This is perfectly normal.
    Go here: http://www.kaspersky.com/virusscanner

    Read the Requirements and limitations before you click Accept.
    Allow the ActiveX download if necessary
    Once the database has downloaded, click Next.
    Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    Click on "My Computer" and then put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

    Please post all three logs in your reply (you may need more than one post).
    Microsoft MVP Consumer Security 2009 -2010
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  4. #14
    Member (Join Date: Jan 2008, Posts: 41)

    I can't use MS office, my antivirus programs, or IE yet. My control panel is back though.

  5. #15
    Member (Join Date: Jan 2008, Posts: 41)

    I also get pop-up errors about a persistence module every few hours.

    Here's the extra log:

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz
    Percentage of Memory in Use: 61%
    Physical Memory (total/avail): 1014.11 MiB / 393.09 MiB
    Pagefile Memory (total/avail): 2441.59 MiB / 1891.86 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1926.81 MiB

    C: is Fixed (NTFS) - 104.79 GiB total, 66.3 GiB free.
    D: is Removable (No Media)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE1 - MemoryStick0 Device

    \\.\PHYSICALDRIVE0 - FUJITSU MHV2120BH PL - 111.79 GiB - 2 partitions
    \PARTITION0 - Unknown - 7 GiB
    \PARTITION1 (bootable) - Installable File System - 104.79 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before install.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.

    FW: Norton Internet Worm Protection v2006 (Symantec) Disabled
    AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.) Disabled
    AV: Symantec AntiVirus Corporate Edition v10.1.4.4000 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Owner\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=480037D956F7448
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Owner
    LOGONSERVER=\\480037D956F7448
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0f06
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_07\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
    USERDOMAIN=480037D956F7448
    USERNAME=Owner
    USERPROFILE=C:\Documents and Settings\Owner
    VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Owner (admin)
    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    HijackThis 2.0.2 --> "C:\DOCUME~1\Owner\Desktop\HijackThis.exe" /uninstall


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type15036 / Warning
    Event Submitted/Written: 01/02/2008 08:28:02 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'

    Event Record #/Type15034 / Error
    Event Submitted/Written: 01/02/2008 08:27:51 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application igfxpers.exe, version 3.0.0.4543, faulting module igfxpers.exe, version 3.0.0.4543, fault address 0x00012fe1.
    Processing media-specific event for [igfxpers.exe!ws!]

    Event Record #/Type15032 / Warning
    Event Submitted/Written: 01/02/2008 08:27:41 AM
    Event ID/Source: 19011 / MSSQL$VAIO_VEDB
    Event Description:
    (SpnRegister) : Error 1355

    Event Record #/Type15018 / Warning
    Event Submitted/Written: 01/02/2008 07:56:24 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'

    Event Record #/Type15016 / Warning
    Event Submitted/Written: 01/02/2008 07:56:08 AM
    Event ID/Source: 1001 / MsiInstaller
    Event Description:
    Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'InternationalSupportFiles_JPN' failed during request for component '{D4C8BFFA-BF6F-11D1-843A-0000F807F120}'



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type13652 / Error
    Event Submitted/Written: 01/02/2008 07:51:33 AM
    Event ID/Source: 1003 / System Error
    Event Description:
    Error code 100000d1, parameter1 00000000, parameter2 00000002, parameter3 00000000, parameter4 f7956a20.

    Event Record #/Type13628 / Error
    Event Submitted/Written: 01/02/2008 07:48:24 AM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 192.168.1.100 for the Network Card with network address 0018DE6CA3A7 has been
    denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type13614 / Warning
    Event Submitted/Written: 01/01/2008 11:04:16 PM
    Event ID/Source: 4226 / Tcpip
    Event Description:
    TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Event Record #/Type13610 / Error
    Event Submitted/Written: 12/26/2007 09:29:38 PM
    Event ID/Source: 29 / W32Time
    Event Description:
    The time provider NtpClient is configured to acquire time from one or more
    time sources, however none of the sources are currently accessible.
    No attempt to contact a source will be made for 14 minutes.
    NtpClient has no source of accurate time.

    Event Record #/Type13609 / Error
    Event Submitted/Written: 12/25/2007 09:46:59 PM
    Event ID/Source: 11 / Cdrom
    Event Description:
    The driver detected a controller error on \Device\CdRom0.



    -- End of Deckard's System Scanner: finished at 2008-01-02 09:48:48 ------------

  6. #16
    Member (Join Date: Jan 2008, Posts: 41)

    Here's the main log in 2 parts; it's too long for 1 post:



    Deckard's System Scanner v20071014.68
    Run by Owner on 2008-01-02 09:46:41
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    98: 2008-01-02 14:46:53 UTC - RP251 - Deckard's System Scanner Restore Point
    97: 2008-01-02 12:59:11 UTC - RP250 - ComboFix created restore point
    96: 2008-01-02 02:35:03 UTC - RP249 - ComboFix created restore point
    95: 2008-01-01 23:32:18 UTC - RP248 - Unsigned driver install
    94: 2008-01-01 23:14:15 UTC - RP247 - Unsigned driver install


    -- First Restore Point --
    1: 2007-10-04 19:31:38 UTC - RP154 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Owner.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:48:09 AM, on 1/2/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\McAfee\Common Framework\UdaterUI.exe
    C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\WINDOWS\etMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Trend Micro\Tmas\Tmas.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Owner\Desktop\dss.exe
    C:\DOCUME~1\Owner\Desktop\Owner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll
    O2 - BHO: (no name) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - (no file)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
    O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
    O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [etMonitor] C:\WINDOWS\etMon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173976083410
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
    O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
    O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

    --
    End of file - 14115 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
    R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.9.0>
    R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
    R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>

    S3 DCamUSBET (scopetek dcm130 usb2.0 device) - c:\windows\system32\drivers\etdevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
    S3 FiltUSBET (dcm130 USB Device Lower Filter) - c:\windows\system32\drivers\etfilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
    S3 ScanUSBET (dcm130 USB Still Image Capture Device) - c:\windows\system32\drivers\etscan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
    S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
    S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
    S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
    S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
    S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
    S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
    S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Microsoft(R) Windows NT(R) Operating System>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
    R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel(R) PROSet/Wireless Registry Service>

    S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

  7. #17
    Member
    Join Date
    Jan 2008
    Posts
    41


    -- Files created between 2007-12-02 and 2008-01-02 -----------------------------

    2007-12-31 19:33:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
    2007-12-31 19:28:03 0 d-------- C:\WINDOWS\CSC
    2007-12-31 18:37:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-30 17:43:03 28672 -ra------ C:\WINDOWS\etRun.exe <Not Verified; eMPIA Technology, Inc.; etRun>
    2007-12-30 17:43:03 36864 -ra------ C:\WINDOWS\etMon.exe <Not Verified; EMPIA Technology Corporation; etMonitor>
    2007-12-30 17:43:02 61440 -ra------ C:\WINDOWS\system32\etVFW.dll <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
    2007-12-30 17:43:02 17808 -ra------ C:\WINDOWS\system32\emYUV.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-12-30 17:43:02 159872 -ra------ C:\WINDOWS\system32\drivers\etFilter.sys <Not Verified; eMPIA Technology Inc.; EM27xx / EM28xx USB Video Convertor>
    2007-12-30 17:42:59 6016 -ra------ C:\WINDOWS\system32\drivers\etScan.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
    2007-12-30 17:42:58 94720 -ra------ C:\WINDOWS\system32\drivers\etDevice.sys <Not Verified; eMPIA Technology, Inc.; ET USB 28xx Video>
    2007-12-30 17:36:22 16384 --a------ C:\WINDOWS\system32\users32.dat
    2007-12-30 17:24:33 217088 --a------ C:\WINDOWS\etSTI.exe <Not Verified; eMPIA Technology, Inc.; etSTI>
    2007-12-30 17:24:33 208896 --a------ C:\WINDOWS\etCap.exe <Not Verified; eMPIA Technology, Inc.; etCap>
    2007-12-30 17:24:33 393306 --a------ C:\WINDOWS\etamcap.exe <Not Verified; Microsoft Corporation; DirectX 9.0 Sample>
    2007-12-30 17:24:33 0 d-------- C:\Program Files\ETUSB2.0
    2007-12-30 17:24:32 0 d-------- C:\Program Files\eMPIA-ET
    2007-12-30 15:11:54 0 d-------- C:\Program Files\ScopePhoto
    2007-12-29 13:53:31 0 d-------- C:\Documents and Settings\Owner\Application Data\Sonic
    2007-12-29 13:53:16 0 d-------- C:\Documents and Settings\Owner\Application Data\Leadertech
    2007-12-29 08:20:03 0 d-------- C:\Program Files\MSECache
    2007-12-20 18:38:12 0 d-------- C:\Program Files\ReflexiveArcade
    2007-12-10 08:53:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help


    -- Find3M Report ---------------------------------------------------------------

    2008-01-02 09:44:01 148 --a------ C:\Documents and Settings\Owner\Application Data\GL_Alerts.conf
    2008-01-02 08:34:35 0 d-------- C:\Program Files\Symantec AntiVirus
    2008-01-02 07:55:26 0 d-------- C:\Program Files\LimeWire
    2008-01-02 07:39:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
    2008-01-02 07:39:19 0 d-------- C:\Program Files\Sony Pictures Games
    2008-01-02 07:37:59 0 d-------- C:\Program Files\DAPlus
    2008-01-02 07:37:20 0 d-------- C:\Program Files\Common Files\AOL
    2008-01-01 21:44:13 0 d-------- C:\Program Files\Spyware Doctor
    2007-12-31 20:30:31 118784 --a------ C:\WINDOWS\system32\igfxpers.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
    2007-12-31 19:34:50 0 d-------- C:\Program Files\Trend Micro
    2007-12-31 16:57:14 8477 --a------ C:\WINDOWS\system32\ksvcl.dll
    2007-12-31 16:57:10 26120 --a------ C:\WINDOWS\system32\kcopt.dll
    2007-12-31 13:19:43 0 d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
    2007-12-30 17:46:55 0 d-------- C:\Program Files\Java
    2007-12-30 17:38:39 0 d-------- C:\Program Files\iTunes
    2007-12-30 17:38:39 0 d-------- C:\Program Files\Common Files\Symantec Shared
    2007-12-30 17:38:39 0 d-------- C:\Program Files\Apoint
    2007-12-30 17:38:38 0 d-------- C:\Program Files\QuickTime
    2007-12-30 17:36:25 94208 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
    2007-12-30 17:36:24 77824 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
    2007-12-30 17:24:28 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-27 17:16:04 0 d-------- C:\Documents and Settings\Owner\Application Data\Aim
    2007-12-26 21:32:29 0 d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
    2007-12-25 22:04:57 0 d-------- C:\Program Files\Yahoo!
    2007-12-25 22:04:57 0 d-------- C:\Program Files\1Club.FM
    2007-12-25 21:53:42 0 d-------- C:\Program Files\Common Files
    2007-12-25 21:51:42 0 d-------- C:\Program Files\BitTorrent
    2007-12-10 08:53:10 0 d-------- C:\Program Files\AIM
    2007-12-07 00:25:06 47760 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
    2007-12-02 13:37:53 0 d-------- C:\Program Files\Google
    2007-11-08 16:31:07 0 d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
    2007-11-07 21:20:57 0 d-------- C:\Documents and Settings\Owner\Application Data\MySpace
    2007-11-07 21:20:55 0 d-------- C:\Program Files\MySpace


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
    10/14/2005 12:21 PM 102400 --a------ C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [12/30/2007 05:36 PM]
    "VAIO Recovery"="C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe" [04/19/2003 11:08 PM]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [12/30/2007 05:36 PM]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [12/30/2007 05:36 PM]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/08/2006 12:50 PM]
    "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [12/30/2007 05:36 PM]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [12/31/2007 08:30 PM]
    "McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [12/30/2007 05:36 PM]
    "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [11/30/2006 09:50 AM]
    "VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [12/30/2007 05:36 PM]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [12/30/2007 05:36 PM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/30/2007 05:36 PM]
    "DeadAIM"="C:\Program Files\AIM\\DeadAIM.ocm" [02/23/2004 03:16 AM]
    "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [12/30/2007 05:36 PM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [12/31/2007 01:10 PM]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [12/30/2007 05:36 PM]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [12/30/2007 05:36 PM]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [12/30/2007 05:36 PM]
    "etMonitor"="C:\WINDOWS\etMon.exe" [10/11/2005 05:57 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [03/15/2006 07:00 AM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 2:01:04 AM]
    Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmas\Tmas.exe [8/2/2006 3:15:47 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{03A80B1D-5C6A-42c2-9DFB-81B6005D8023}"= C:\Program Files\Trend Micro\Tmas\sshook.dll [08/02/2006 03:15 PM 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 03/09/2006 04:51 PM 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Clean Access Agent.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
    backup=C:\WINDOWS\pss\Clean Access Agent.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Webshots.lnk]
    path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup


    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    C:\WINDOWS\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    C:\Program Files\Common Files\AOL\1154548953\ee\AOLSoftware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    "C:\Program Files\iTunes\iTunesHelper.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    C:\Program Files\MySpace\IM\MySpaceIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
    "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8435c48-225e-11db-b383-806d6172696f}]
    AutoRun\command- E:\sony\Autorun.exe




    -- End of Deckard's System Scanner: finished at 2008-01-02 09:48:48 ------------

  8. #18
    Member
    Join Date
    Jan 2008
    Posts
    41


    The Kaspersky scanner says only run it in IE >6.0 but my IE won't open. Is it OK to run it in Firefox?

  9. #19
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Try this first, then try IE again


    SD Fix

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
    Microsoft MVP Consumer Security 2009-2010
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  10. #20
    Member
    Join Date
    Jan 2008
    Posts
    41


    Here is the SDFix log:

    SDFix: Version 1.122

    Run by Owner on Wed 01/02/2008 at 10:53 AM

    Microsoft Windows XP [Version 5.1.2600]

    Running From: C:\F\SDFix

    Safe Mode:
    Checking Services:


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...


    Normal Mode:
    Checking Files:

    No Trojan Files Found





    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.



    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-02 11:37:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services:
    ------------------



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------


    Files with Hidden Attributes:

    Mon 10 Sep 2007 74,752 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
    Mon 10 Sep 2007 88,064 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
    Tue 11 Sep 2007 142,336 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
    Tue 11 Sep 2007 134,144 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
    Tue 11 Sep 2007 130,560 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
    Mon 10 Sep 2007 79,872 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
    Tue 11 Sep 2007 93,184 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
    Tue 11 Sep 2007 139,776 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
    Tue 11 Sep 2007 111,104 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
    Mon 10 Sep 2007 61,952 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
    Mon 10 Sep 2007 77,312 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
    Mon 10 Sep 2007 88,064 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
    Tue 11 Sep 2007 142,336 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
    Tue 11 Sep 2007 134,144 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
    Tue 11 Sep 2007 130,560 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
    Mon 10 Sep 2007 79,872 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
    Tue 11 Sep 2007 93,184 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
    Tue 11 Sep 2007 139,776 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
    Tue 11 Sep 2007 111,104 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
    Mon 10 Sep 2007 61,952 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
    Mon 10 Sep 2007 77,312 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
    Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
    Wed 4 Oct 2006 26,112 A..H. --- "C:\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
    Fri 21 Sep 2007 11,116 A.SH. --- "C:\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
    Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
    Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
    Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
    Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
    Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
    Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
    Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
    Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
    Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
    Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
    Fri 17 Nov 2006 20,480 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
    Fri 17 Nov 2000 28,160 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
    Fri 17 Nov 2000 27,648 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
    Fri 17 Nov 2006 24,576 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
    Fri 17 Nov 2000 27,136 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
    Fri 17 Nov 2000 27,648 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
    Fri 17 Nov 2006 25,088 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
    Fri 17 Nov 2000 27,136 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
    Fri 17 Nov 2000 29,696 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
    Fri 17 Nov 2006 25,088 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
    Fri 17 Nov 2000 32,768 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
    Fri 17 Nov 2000 26,624 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
    Fri 17 Nov 2006 25,600 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
    Fri 17 Nov 2000 29,696 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
    Fri 17 Nov 2000 27,136 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
    Fri 17 Nov 2000 30,208 A..H. --- "C:\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL4037.tmp"
    Wed 4 Oct 2006 26,112 A..H. --- "C:\Documents and Settings\Owner\Desktop\Thesis jump BU 12-17-07\Gray jump\Fall 2006 208\~WRL0051.tmp"
    Wed 4 Oct 2006 3,072,000 A..H. --- "C:\F\Documents and Settings\Owner\Application Data\U3\temp\Launchpad Removal.exe"
    Wed 4 Oct 2006 26,112 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\greyjump\Fall 2006 208\~WRL0051.tmp"
    Fri 21 Sep 2007 11,116 A.SH. --- "C:\F\Documents and Settings\Owner\My Documents\My Music\License Backup\drmv2key.bak"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL0245.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL0606.tmp"
    Mon 10 Sep 2007 88,064 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL0658.tmp"
    Tue 11 Sep 2007 142,336 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL0846.tmp"
    Tue 11 Sep 2007 134,144 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL0969.tmp"
    Tue 11 Sep 2007 130,560 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1037.tmp"
    Mon 10 Sep 2007 79,872 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1181.tmp"
    Tue 11 Sep 2007 93,184 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1357.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1422.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1434.tmp"
    Tue 11 Sep 2007 123,392 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1593.tmp"
    Tue 11 Sep 2007 139,776 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1736.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1890.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL1957.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL2389.tmp"
    Tue 11 Sep 2007 141,824 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL2511.tmp"
    Mon 10 Sep 2007 82,432 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL2545.tmp"
    Tue 11 Sep 2007 111,104 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL2899.tmp"
    Tue 11 Sep 2007 110,080 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL2910.tmp"
    Mon 10 Sep 2007 74,752 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL3045.tmp"
    Mon 10 Sep 2007 61,952 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL3054.tmp"
    Mon 10 Sep 2007 77,312 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL3328.tmp"
    Tue 11 Sep 2007 88,064 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL3458.tmp"
    Mon 10 Sep 2007 74,240 ...H. --- "C:\F\F\F\Documents and Settings\Owner\Desktop\~WRL3746.tmp"
    Fri 17 Nov 2006 20,480 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0001.tmp"
    Fri 17 Nov 2000 28,160 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0124.tmp"
    Fri 17 Nov 2000 27,648 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0288.tmp"
    Fri 17 Nov 2006 24,576 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0691.tmp"
    Fri 17 Nov 2000 27,136 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL0780.tmp"
    Fri 17 Nov 2000 27,648 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1073.tmp"
    Fri 17 Nov 2006 25,088 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1259.tmp"
    Fri 17 Nov 2000 27,136 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1752.tmp"
    Fri 17 Nov 2000 29,696 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL1841.tmp"
    Fri 17 Nov 2006 25,088 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2041.tmp"
    Fri 17 Nov 2000 32,768 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2392.tmp"
    Fri 17 Nov 2000 26,624 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2454.tmp"
    Fri 17 Nov 2006 25,600 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL2805.tmp"
    Fri 17 Nov 2000 29,696 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3157.tmp"
    Fri 17 Nov 2000 27,136 A..H. --- "C:\F\Documents and Settings\Owner\Desktop\desktop907\New Folder\410\~WRL3858.tmp"
