InterviewSolution
Saved Bookmarks
InterviewSolution
| 1. |
Solve : Roomie's computer infected now...HJT log included.? |
|
Answer» I was helping my coworker with her infection when evilfantasy determined that her situation was devastating.
What DSS will do:
Next post please add DSS Main & Extra text logs. Almost missed this... Your Java is out of date. Older versions of Java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version(s) of Java components and update. Step 1 - Get the new version
Deckard's System Scanner v20071014.68 Run by CATANYAG on 2008-05-10 00:46:03 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 68: 2008-05-10 07:46:08 UTC - RP1250 - Deckard's System Scanner Restore Point 67: 2008-05-10 07:38:18 UTC - RP1249 - Installed Java(TM) 6 Update 5 66: 2008-05-10 07:11:20 UTC - RP1248 - System Checkpoint 65: 2008-05-08 22:01:29 UTC - RP1247 - Software Distribution Service 3.0 64: 2008-05-08 06:35:07 UTC - RP1246 - System Checkpoint -- First Restore Point -- 1: 2008-03-06 12:03:06 UTC - RP1183 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as CATANYAG.exe) -------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:48:08 AM, on 5/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\TpKmpSVC.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\TpShocks.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\IBMTOOLS\UTILS\ibmprc.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\TPPALDR.EXE C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Documents and Settings\Hotsync.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe C:\WINDOWS\system32\msiexec.exe C:\Documents and Settings\CATANYAG\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\CATANYAG.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper O4 - HKLM\..\Run: [TpShocks] TpShocks.exe O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HotSync Manager.lnk = C:\Documents and Settings\Hotsync.exe O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [JAVA_IBM] Java (IBM) O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://www.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by133fd.bay133.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {4FE89055-5300-469E-AFAD-DEB3181EDE76} (PearsonAsstX Control) - http://www.mathxl.com/applets/PearsonInstallAsst.cab O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab O16 - DPF: {C4DD6732-1E82-4AE7-BD94-180331B84082} (DeltaCVX Control) - http://www.mathxl.com/applets/DeltaCVX.cab O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing) O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe -- End of file - 13451 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080510-004336-415 O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file) backup-20080510-004336-509 O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file) backup-20080510-004336-592 O2 - BHO: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)-- File Associations ----------------------------------------------------------- .reg - regfile - shell\open\command - regedit.exe "%1" %* .scr - scrfile - shell\open\command - "%1" %* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 Shockprf - c:\windows\system32\drivers\shockprf.sys R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys R1 Smapint - c:\windows\system32\drivers\smapint.sys R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys R1 TPPWR - c:\windows\system32\drivers\tppwr.sys R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys R2 PMEM - c:\windows\system32\drivers\pmemnt.sys R2 ShockMgr - c:\windows\system32\drivers\shockmgr.sys R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys S3 CBTNDIS5 (CBTNDIS5 NDIS Protocol Driver) - c:\windows\system32\cbtndis5.sys S3 IPN2220 (Wireless-G Notebook Adapter ver.4.0 Driver) - c:\windows\system32\drivers\i2220ntx.sys (file missing) S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing) S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys S3 stusb2ir (USB 2.0 IrDA Bridge) - c:\windows\system32\drivers\stusb2ir.sys S3 ZD1211U(WLAN) (IEEE 802.11g USB Wireless LAN Driver(WLAN)) - c:\windows\system32\drivers\zd1211u.sys S3 ZDBRGSYS (ZDBRGSYS NDIS Protocol Driver) - c:\windows\system32\zdbrgsys.sys S3 ZDPNDIS5 (ZDPNDIS5 NDIS Protocol Driver) - c:\windows\system32\zdpndis5.sys -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" R2 IBM Rapid Restore Ultra Service - c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe S2 NICSer_WPC54G - c:\program files\linksys\wireless-g notebook adapter\nicserv.exe S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing) -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-05-09 23:58:28 380 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job 2008-05-09 23:10:45 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job 2008-05-07 10:14:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2008-05-02 22:39:54 536 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - CATANYAG.job 2007-11-24 09:37:55 506 --a------ C:\WINDOWS\Tasks\BMMTask.job -- Files created between 2008-04-10 and 2008-05-10 ----------------------------- 2008-05-09 00:09:04 0 d-------- C:\Program Files\Trend Micro 2008-05-08 23:59:54 0 d-------- C:\Documents and Settings\CATANYAG\Application Data\Malwarebytes 2008-05-08 23:59:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-08 23:59:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-08 23:16:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-08 22:43:14 5276 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-08 22:38:29 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-08 22:38:29 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-08 22:38:29 86528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-08 22:38:29 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-08 22:38:29 53248 --a------ C:\WINDOWS\system32\Process.exe http://www.beyondlogic.org; Command Line Process Utility> 2008-05-08 22:38:29 82944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-08 22:38:29 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-08 22:38:29 82944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-08 06:22:58 0 d-------- C:\Documents and Settings\CATANYAG\Application Data\Google 2008-05-08 06:18:13 0 d-------- C:\Documents and Settings\UST TRAINING\Application Data\Google 2008-05-08 06:16:08 0 d-------- C:\Documents and Settings\All Users\Application Data\Google 2008-05-07 23:53:20 0 d-------- C:\Documents and Settings\UST TRAINING\Application Data\Adobe 2008-05-07 00:25:42 0 d-------- C:\Program Files\Enigma Software Group 2008-05-07 00:02:07 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-05-06 23:58:36 0 d-------- C:\Documents and Settings\LocalService\Desktop 2008-05-06 17:41:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-06 17:30:38 0 d-------- C:\Program Files\Windows Defender 2008-05-01 21:58:03 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel 2008-05-01 12:01:31 0 d-------- C:\WINDOWS\system32\FxsTmp 2008-04-22 17:30:55 0 d-------- C:\Program Files\iTunes 2008-04-22 17:28:40 0 d-------- C:\Program Files\QuickTime -- Find3M Report --------------------------------------------------------------- 2008-05-10 00:39:30 0 d-------- C:\Program Files\Java 2008-05-10 00:13:49 0 d-------- C:\Program Files\Common Files 2008-05-08 19:58:25 0 d-------- C:\Program Files\Common Files\Symantec Shared 2008-05-08 17:37:43 0 d-------- C:\Program Files\Absolute Poker 2008-05-08 09:07:02 0 d-------- C:\Documents and Settings\CATANYAG\Application Data\Yahoo! 2008-05-08 06:20:04 0 d-------- C:\Program Files\Google 2008-05-06 17:23:38 0 d-------- C:\Program Files\Symantec 2008-04-22 17:31:08 0 d-------- C:\Program Files\iPod 2008-04-22 17:23:25 0 d-------- C:\Program Files\Apple Software Update 2008-04-17 00:06:14 0 d-------- C:\Documents and Settings\CATANYAG\Application Data\Adobe -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "S3TRAY2"="S3Tray2.exe" [10/11/2001 11:32 PM C:\WINDOWS\system32\S3Tray2.exe] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [11/19/2003 09:56 AM] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/19/2003 09:56 AM] "ATIModeChange"="Ati2mdxx.exe" [09/04/2001 01:24 PM C:\WINDOWS\system32\Ati2mdxx.exe] "BluetoothAuthenticationAgent"="irprops.cpl" [08/04/2004 12:56 AM C:\WINDOWS\system32\irprops.cpl] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/23/2003 11:39 PM] "TpShocks"="TpShocks.exe" [12/17/2003 11:12 AM C:\WINDOWS\system32\TpShocks.exe] "TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/10/2004 10:10 AM] "BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [12/25/2003 01:36 AM] "BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [12/25/2003 01:36 AM] "TP4EX"="tp4ex.exe" [09/04/2002 01:05 AM C:\WINDOWS\system32\TP4EX.exe] "EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 02:04 AM] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [02/10/2004 09:10 PM] "UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [09/30/2003 03:39 PM] "UC_SMB"="" [] "UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 01:01 AM] "dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [10/22/2003 01:04 AM] "IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/19/2004 12:12 PM] "BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [12/25/2003 01:36 AM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 05:32 PM] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [05/06/2008 05:23 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [04/13/2005 04:48 AM] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 12:50 PM] "PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [] "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [02/13/2007 11:29 AM] "TPP Auto Loader"="C:\WINDOWS\TPPALDR.EXE" [10/05/2001 12:54 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IBM RecordNow!"="" [] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM] "NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [07/14/2005 10:35 PM] "Aim6"="" [] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 5:44:06 AM] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [9/2/2004 6:51:35 PM] HotSync Manager.lnk - C:\Documents and Settings\Hotsync.exe [6/9/2004 2:16:08 PM] Wireless-G Notebook Adapter Utility.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe [10/13/2004 10:17:35 PM] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Notification Packages"= scecli pwdmon [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProvidersmsapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume SHADOW copy" -- End of Deckard's System Scanner: finished at 2008-05-10 00:49:27 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel(R) Pentium(R) M processor 1500MHz Percentage of Memory in Use: 38% Physical Memory (total/avail): 1278.92 MiB / 792.63 MiB Pagefile Memory (total/avail): 1517.93 MiB / 1155.96 MiB Virtual Memory (total/avail): 2047.88 MiB / 1926.57 MiB C: is Fixed (NTFS) - 32.97 GiB total, 6.54 GiB free. D: is CDROM (No Media) \\.\PHYSICALDRIVE0 - HTS548040M9AT00 - 37.26 GiB - 2 partitions \PARTITION0 (bootable) - Installable File System - 32.97 GiB - C: \PARTITION1 - Unknown - 4.29 GiB -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is enabled. AntiVirusDisableNotify is set. FW: Norton Internet Worm Protection v2005 (Symantec) AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) Outdated [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger" "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader" "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\CATANYAG\Application Data CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=DENNIS ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\CATANYAG IBMSHARE=C:\IBMSHARE LOGONSERVER=\\DENNIS NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Pinnacle\Shared Files\Filter;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 9 Stepping 5, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=0905 ProgramFiles=C:\Program Files PROMPT=$P$G PYTHONCASEOK=1 PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\ SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4 TEMP=C:\DOCUME~1\CATANYAG\LOCALS~1\Temp TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4 TMP=C:\DOCUME~1\CATANYAG\LOCALS~1\Temp USERDOMAIN=DENNIS USERNAME=CATANYAG USERPROFILE=C:\Documents and Settings\CATANYAG windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- CATANYAG (admin) UST TRAINING (admin) Office.DENNIS (admin) Administrator (admin) -- Add/Remove Programs --------------------------------------------------------- --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} --> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE" --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll -l0x9 ControlPanelAnyText --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Absolute Poker --> C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe AC3Filter (remove only) --> C:\Documents and Settings\CATANYAG\Desktop\AC3Filter\uninstall.exe Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log AIM 6 --> C:\Program Files\AIM6\uninst.exe Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543} Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[emailprotected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe" ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB} Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml" Cucusoft DVD to iPod + iPod Video Converter Suite 5.28.5.12 --> "C:\Program Files\Cucusoft\ipod-converter\unins000.exe" DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DVD Decrypter (Remove Only) --> "C:\Documents and Settings\CATANYAG\Desktop\DVD Decrypter\uninstall.exe" DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe" Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IBM 32-bit Runtime Environment for Java 2, v1.4.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033 IBM Active Protection System --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_05591014 IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272} IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE} IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll" IBM ThinkPad Configuration --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll" IBM ThinkPad EasyEject Utility --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll" IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll" IBM ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall IBM ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE" IBM Update Connector --> MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8} Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe Intel(R) PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4} InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iPod Access for Windows v2.9.4 --> "C:\Program Files\iPod Access for Windows\unins000.exe" iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033 iPod Reset Utility --> MsiExec.exe /X{91A2689C-D4B1-43BB-A521-0E29B963FC56} iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B} J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} LimeWire 4.14.8 --> "C:\Program Files\LimeWire\uninstall.exe" LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29} Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Norton AntiVirus 2005 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B} Norton AntiVirus 2005 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8} Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43} Norton AntiVirus SCSSDist MSI --> MsiExec.exe /I{541230A3-1D3A-4879-B7E0-E71F90E35548} Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8} Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352} Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4} Odyssey Client --> MsiExec.exe /X{99D42EC7-652B-4819-B3E6-6450C815E03F} palmOne --> MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148} PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE" PCFriendly --> C:\Program Files\PCFriendly\inuninst.exe Pinnacle Mobile Media Organizer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCC64390-4796-4BEC-87AB-87282CBAFF8C}\Setup.exe" -l0x9 UNINSTALL QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD} Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3} SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09} Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138} SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf ThinkPad Software Installer --> _tpiu000.exe /U TPP Storage Driver Installation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E258A840-7E9A-443A-B156-67102C48BF17}\Setup.exe" NotFirstInstall USB 2.0 IrDA Bridge --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\setup.exe" -l0x9 USB Storage Adapter (TPP) --> tppun.exe TPP725 USB Storage Adapter V2 (TPP) --> tppun.exe TPP200 USB Storage Adapter V3 (TPP) --> tppun.exe TPP300 Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395} Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Wireless-G Notebook Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\Setup.exe" -l0x9 -- Application Event Log ------------------------------------------------------- Event Record #/Type9341 / Warning Event Submitted/Written: 05/09/2008 00:16:05 AM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type9326 / Warning Event Submitted/Written: 05/08/2008 10:45:38 PM Event ID/Source: 1015 / MsiInstaller Event Description: Failed to connect to server. Error: 0x8007043C Event Record #/Type9325 / Warning Event Submitted/Written: 05/08/2008 10:45:38 PM Event ID/Source: 1004 / MsiInstaller Event Description: Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist. Event Record #/Type9323 / Warning Event Submitted/Written: 05/08/2008 10:39:30 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. Event Record #/Type9307 / Warning Event Submitted/Written: 05/08/2008 10:30:48 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type112440 / Warning Event Submitted/Written: 05/10/2008 00:48:34 AM Event ID/Source: 3004 / WinDefend Event Description: %DENNIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DENNIS27 can't undo changes that you allow. For more information please see the following: %DENNIS275 Scan ID: {3533E261-EA50-4BEA-AC48-037552BE9E79} User: DENNIS\CATANYAG Name: %DENNIS271 ID: %DENNIS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DENNIS276 Alert Type: %DENNIS278 Detection Type: 1.1.1593.02 Event Record #/Type112439 / Warning Event Submitted/Written: 05/10/2008 00:48:34 AM Event ID/Source: 3004 / WinDefend Event Description: %DENNIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DENNIS27 can't undo changes that you allow. For more information please see the following: %DENNIS275 Scan ID: {57941E0F-A630-4E96-A90B-88353EDE282D} User: DENNIS\CATANYAG Name: %DENNIS271 ID: %DENNIS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DENNIS276 Alert Type: %DENNIS278 Detection Type: 1.1.1593.02 Event Record #/Type112438 / Warning Event Submitted/Written: 05/10/2008 00:48:34 AM Event ID/Source: 3004 / WinDefend Event Description: %DENNIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DENNIS27 can't undo changes that you allow. For more information please see the following: %DENNIS275 Scan ID: {159A93A4-5612-4A73-9E97-BAABD4EA9841} User: DENNIS\CATANYAG Name: %DENNIS271 ID: %DENNIS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DENNIS276 Alert Type: %DENNIS278 Detection Type: 1.1.1593.02 Event Record #/Type112437 / Warning Event Submitted/Written: 05/10/2008 00:48:31 AM Event ID/Source: 3004 / WinDefend Event Description: %DENNIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DENNIS27 can't undo changes that you allow. For more information please see the following: %DENNIS275 Scan ID: {348AC47F-9B1B-4648-B5AB-15C5D248421E} User: DENNIS\CATANYAG Name: %DENNIS271 ID: %DENNIS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DENNIS276 Alert Type: %DENNIS278 Detection Type: 1.1.1593.02 Event Record #/Type112436 / Warning Event Submitted/Written: 05/10/2008 00:48:31 AM Event ID/Source: 3004 / WinDefend Event Description: %DENNIS27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %DENNIS27 can't undo changes that you allow. For more information please see the following: %DENNIS275 Scan ID: {DDC1C48A-EA8C-4D35-BFDE-28EB2024A503} User: DENNIS\CATANYAG Name: %DENNIS271 ID: %DENNIS272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %DENNIS276 Alert Type: %DENNIS278 Detection Type: 1.1.1593.02 -- End of Deckard's System Scanner: finished at 2008-05-10 00:49:27 ------------ The current version of Java is Java(TM) 6 Update 6 and you can get it HERE Go to add/remove programs and uninstall J2SE Runtime Environment 5.0 Update 3 Java(TM) 6 Update 5 Viewpoint Media Player ---------- Try running StartUpLite to get rid of the un-necessary startups. ---------- Is Norton up to date? Is is a paid version or has the subscription run out? Quote AV: Norton AntiVirus 2005 v2005 (Symantec Corporation) OutdatedOkay, got rid of the 3 things from Add/Remove (strangely enough, the download of Java I got was from Java's website...and it was 6.5). Downloaded the new Java. Ran the startup cleaner. The Norton is EXTREMELY outdated and not paid for.OK we need to get you some current protection. First download these programs, don't install them yet. Antivurus: Pick only one. I will list multiple but if you want my personal preference it is Avast. Avast - http://www.filehippo.com/download_avast_antivirus/ AVG - http://www.filehippo.com/download_avg_antivirus/ AntiVir - http://www.filehippo.com/download_antivir/ Firewall: Be sure to choose Advanced Mode when installing. http://www.filehippo.com/download_comodo/ After they are downloaded don't connect to the internet until you have Norton uninstalled and the new protection installed. Download the Norton Removal Tool Go to add remove programs and uninstall anything with Norton, Live Update or Symantec in the name. Now run the Norton Removal Tool Install the new AV and Firewall then run a full scan with the new AV. Let me know how everything is now. |
|