
Bsod - Hijackthis! Log


11 replies to this topic

#1 Commie

Commie

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 03 September 2007 - 11:23 AM

I started getting the BSoD after installing the latest version of AIM. I have since uninstalled it and am still receiving the same problems. The one thing I know of that gets me a definite BSoD is when I go to the iTunes website and try to download the install file for the latest version of iTunes. It instantly goes to a BSoD. Any help would be greatly appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:07 PM, on 9/3/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [1922036909] C:\Program Files\Toshiba Registration\Registration.exe /r "C:\Program Files\Toshiba Registration\Registration.rpd"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 7477 bytes
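As an added example (it is not part of the original thread, nor a HijackThis feature), the script below does the first pass a log reader performs on a HijackThis v2 log like the one above. It parses the O4 Run entries and O23 services from a handful of lines copied from that log and flags three things worth a second look: a Run value that is a bare filename (resolved through the PATH search order rather than a full path), a service whose publisher field is blank or "Unknown owner", and an executable outside the Windows and Program Files trees. The trusted-root list, the finding codes and the sample subset are my own choices, not part of the HijackThis format.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
"""

# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 line: "O23 - Service: <display name> - <company> - <path>"; the company may be blank,
# in which case the log shows "Name - - Path", so the space before the second dash is optional.
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<company>.*?) ?- (?P<path>.+)$")
# First token ending in .exe, so unquoted paths containing spaces survive intact.
EXE_RE = re.compile(r"(.+?\.exe)(?=\s|$)", re.IGNORECASE)

# Assumed trusted roots (my choice): Windows, Program Files, its 8.3 short name and the env-var form.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%programfiles%\\")


@dataclass
class Entry:
    kind: str            # "run" or "service"
    name: str            # Run value name or service display name
    path: str            # executable as written in the log (may be a bare filename)
    company: str = ""    # publisher string for services
    hive: str = ""       # HKLM / HKCU / HKUS\<SID> for Run values


def executable_of(cmd: str) -> str:
    """Return the executable from an O4 command line: quoted path, or first .exe token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> list[Entry]:
    """Extract O4 Run values and O23 services; other sections are ignored."""
    entries: list[Entry] = []
    for line in text.splitlines():
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("run", m["name"], executable_of(m["cmd"]), hive=m["hive"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m["name"], m["path"].strip(), company=m["company"].strip()))
    return entries


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (name, finding code, detail) for entries that deserve a closer look."""
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        low = e.path.lower()
        if e.kind == "run" and "\\" not in low and not low.startswith("%"):
            # No directory at all: Windows resolves this through the PATH search order.
            findings.append((e.name, "bare-name", e.path))
        elif not low.startswith(TRUSTED_ROOTS):
            findings.append((e.name, "nonstandard-location", e.path))
        if e.kind == "service" and (not e.company or e.company.lower() == "unknown owner"):
            findings.append((e.name, "unverified-publisher", e.company or "<blank>"))
    return findings


if __name__ == "__main__":
    for name, code, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:22} {name:22} {detail}")
```

The findings are review pointers, not verdicts: RtHDVCpl.exe and NDSTray.exe are Toshiba OEM components that happen to be registered without a path, and rundll32.exe is flagged only because it is a bare name carrying a DLL argument. The point of the pass is to surface the handful of entries (here also the blank-publisher lxdd_device service and Swupdtmr under c:\Toshiba\IVP) that need a file check before anything is removed.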

#2 Commie

Commie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 04 September 2007 - 05:57 PM

Bump.

#3 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:09:25 PM

Posted 14 September 2007 - 01:07 AM

Hello Commie and welcome to BleepingComputer!

My name is Johannes and I will be dealing with your log today.
Please note that comments are made in green, links are in red and important things are outlined by using the blue color.

Please provide me a new HijackThis log, before we continue with your cleaning.

Please also take note of the following:
  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
Please give me some time to look over your log and I will get back to you as soon as possible.
Thanks,
Johannes

Edited by Yourhighness, 14 September 2007 - 01:09 AM.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#4 Commie

Commie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 15 September 2007 - 01:51 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:48:55 AM, on 9/15/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 8581 bytes

#5 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:09:25 PM

Posted 18 September 2007 - 12:19 PM

Hey Commie,

just wanted to let you know that we haven't forgotten you and that things have been a bit crazy. We should be with you soon.

Johannes

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#6 Commie

Commie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 18 September 2007 - 01:27 PM

That's fine. I'm not paying for service so I can't rightfully demand anything. Just take your time.

#7 Yourhighness

Yourhighness

    The BSG Malware Fighter


  • Malware Response Team
  • 7,943 posts
  • OFFLINE
  • Gender:Male
  • Location:Hamburg
  • Local time:09:25 PM

Posted 20 September 2007 - 04:04 PM

Hey Commie,

Step #1

You seem to have an Internet Suite (Firewall and Antivirus) as well as Norton Antivirus on your PC.

I do not recommend having more than one antivirus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Norton Antivirus or CA Internet Security Suite. If you remove CA Internet Security Suite, please understand you will have to install a new firewall, as the McAfee one will have been uninstalled also.

Step #2

Please download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close ALL applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts.
  • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your post.
The logs can be quite lengthy; use two posts if you need to get them all in.

Step #3

Just wondering, do you have a lexmark printer? Also, please advise your Windows Vista version.

Step #4

Please post back with the answer to the above question and the main.txt and the extra.txt logs from the DSS scan.

Thanks.

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#8 Commie

Commie
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 PM

Posted 20 September 2007 - 04:26 PM

The anti-virus portion of CA Security Suite is not installed on my computer anymore. I did that before I installed Norton. And I have been having problems with my computer since before I put Norton on but if you still believe that to be a possible issue then let me know. For now I left CA on because I like the other components but I can assure you that the anti-virus portion is not installed.

And yes, I have a Lexmark printer. It came free with my laptop. I'm not really sure what you mean by "advise" my Windows Vista version though.

Here are the logs:

Deckard's System Scanner v20070905.67
Run by Kyle on 2007-09-20 17:09:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
5: 2007-09-20 17:07:36 UTC - RP147 - Scheduled Checkpoint
4: 2007-09-20 03:45:42 UTC - RP146 - Scheduled Checkpoint
3: 2007-09-19 02:59:25 UTC - RP145 - Installed Corel Paint Shop Pro X
2: 2007-09-19 02:55:16 UTC - RP144 - Installed Corel Paint Shop Pro X - Installation Files
1: 2007-09-18 14:33:45 UTC - RP142 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as Kyle.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:12:53 PM, on 9/20/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Windows\System32\mobsync.exe
C:\Users\Kyle\Desktop\dss.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovep.exe
C:\PROGRA~1\HIJACK~1\Kyle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 8762 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys <Not Verified; Symantec Corporation; AutoProtect>
S4 KR10I - c:\windows\system32\drivers\kr10i.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR10N - c:\windows\system32\drivers\kr10n.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>
S4 KR3NPXP - c:\windows\system32\drivers\kr3npxp.sys <Not Verified; TOSHIBA CORPORATION; TOSHIBA RAID>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not Verified; TOSHIBA CORPORATION; ConfigFree™>
R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>
R2 Swupdtmr - c:\toshiba\ivp\swupdate\swupdtmr.exe
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not Verified; TOSHIBA Corporation; TDCSrv Application>
R2 TOSHIBA Bluetooth Service - c:\program files\toshiba\bluetooth toshiba stack\tosbtsrv.exe <Not Verified; TOSHIBA CORPORATION; Bluetooth Stack for Windows by TOSHIBA>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-30 19:45:12 512 --a------ C:\Windows\Tasks\CAAntiSpywareScan_Daily as Mark at 5 39 PM.job


-- Files created between 2007-08-20 and 2007-09-20 -----------------------------

2007-09-18 23:02:17 0 d-------- C:\Users\All Users\InstallShield
2007-09-18 23:00:00 0 d-------- C:\Program Files\Common Files\Corel
2007-09-18 22:55:43 0 d-------- C:\Program Files\Corel
2007-09-16 23:02:57 0 d-------- C:\Program Files\Alcohol Soft
2007-09-16 22:58:43 685816 --a------ C:\Windows\system32\drivers\sptd.sys
2007-09-16 22:38:21 0 d-------- C:\Program Files\EA Games
2007-09-16 12:51:51 0 d-------- C:\Program Files\DC++
2007-09-16 03:13:26 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-09-14 07:30:55 0 d-------- C:\Windows\Sun
2007-09-13 21:57:38 0 d-------- C:\Program Files\ISO
2007-09-13 15:05:48 0 d-------- C:\Program Files\uTorrent
2007-09-11 16:12:01 0 dr-h----- C:\MSOCache
2007-09-11 11:12:56 0 d-------- C:\Program Files\Common Files\xing shared
2007-09-11 11:12:22 0 d-------- C:\Program Files\Common Files\Real
2007-09-11 11:12:18 0 d-------- C:\Program Files\Real
2007-09-09 18:03:34 0 d-------- C:\Program Files\Macromedia
2007-09-09 18:03:34 0 d-------- C:\Program Files\Common Files\Macromedia
2007-09-09 18:00:19 0 d-------- C:\Program Files\Sassafras K2
2007-09-07 10:01:31 0 d-------- C:\Users\All Users\NCH Swift Sound
2007-09-07 10:00:47 0 d-------- C:\Program Files\NCH Swift Sound
2007-09-06 15:03:55 0 d-------- C:\Users\All Users\Macromedia
2007-09-04 09:42:05 0 d-------- C:\Users\All Users\Apple
2007-09-04 09:12:13 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-09-03 11:40:34 0 d-------- C:\Program Files\Miranda IM
2007-09-02 16:27:28 0 d-------- C:\Windows\PCHEALTH
2007-09-02 16:27:28 0 d-------- C:\Program Files\Microsoft.NET
2007-09-01 13:54:34 0 dr------- C:\Users\User\Searches
2007-09-01 13:54:09 0 dr------- C:\Users\User\Contacts
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\Templates
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\Start Menu
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\SendTo
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\Recent
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\PrintHood
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\NetHood
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\My Documents
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\Local Settings
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\Cookies
2007-09-01 13:53:20 0 d--hs---- C:\Users\User\Application Data
2007-09-01 13:53:19 0 dr------- C:\Users\User\Videos
2007-09-01 13:53:19 0 dr------- C:\Users\User\Saved Games
2007-09-01 13:53:19 0 dr------- C:\Users\User\Pictures
2007-09-01 13:53:19 1835008 --ahs---- C:\Users\User\NTUSER.DAT
2007-09-01 13:53:19 0 dr------- C:\Users\User\Music
2007-09-01 13:53:19 0 dr------- C:\Users\User\Links
2007-09-01 13:53:19 0 dr------- C:\Users\User\Favorites
2007-09-01 13:53:19 0 dr------- C:\Users\User\Downloads
2007-09-01 13:53:19 0 dr------- C:\Users\User\Documents
2007-09-01 13:53:19 0 dr------- C:\Users\User\Desktop
2007-09-01 13:53:19 0 d--h----- C:\Users\User\AppData
2007-09-01 11:08:49 0 -rahs---- C:\MSDOS.SYS
2007-09-01 11:08:49 0 -rahs---- C:\IO.SYS
2007-09-01 10:43:27 0 d-------- C:\Program Files\Symantec
2007-09-01 10:43:01 0 d-------- C:\Users\All Users\Symantec
2007-09-01 10:43:01 0 d-------- C:\Program Files\Symantec AntiVirus
2007-09-01 10:43:00 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-31 19:10:23 0 d-------- C:\Users\All Users\Stardock
2007-08-31 19:07:11 0 d-------- C:\Program Files\Stardock
2007-08-31 19:03:35 0 d-------- C:\Program Files\Common Files\AOL(4)
2007-08-31 19:03:23 0 d-------- C:\Program Files\AIM6(1)
2007-08-31 15:54:25 0 d-------- C:\Windows\pss
2007-08-31 13:30:52 0 d-------- C:\Program Files\Lx_cats
2007-08-31 13:30:17 0 d-------- C:\logs
2007-08-31 13:24:15 0 d-------- C:\Users\Kyle\{3394188f-f4ba-46f3-8683-248ddd4ff6a2}
2007-08-31 13:21:39 45056 --a------ C:\Windows\system32\LXF3PMON.DLL
2007-08-31 13:21:39 32768 --a------ C:\Windows\system32\LXF3FXPU.DLL
2007-08-31 13:21:19 12288 --a------ C:\Windows\system32\LXF3PMRC.DLL
2007-08-31 13:21:19 36864 --a------ C:\Windows\system32\lxf3oem.dll <Not Verified; ; Lexmark Fax Solutions Software>
2007-08-31 13:21:18 98345 --a------ C:\Windows\system32\IMHOST32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-08-31 13:21:18 339968 --a------ C:\Windows\system32\IMGMAN32.DLL <Not Verified; Data Techniques, Inc.; ImageMan Image Processing Toolkit>
2007-08-31 13:21:17 0 d-------- C:\Users\All Users\FaxCtr
2007-08-31 13:19:09 0 d-------- C:\Program Files\Lexmark Fax Solutions
2007-08-31 13:18:42 0 d-------- C:\Program Files\Lexmark Toolbar
2007-08-31 13:18:03 0 d-------- C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-08-31 13:17:17 0 d-------- C:\Program Files\Lexmark 2500 Series
2007-08-31 13:17:04 286720 --a------ C:\Windows\system32\LXDDinst.dll
2007-08-31 13:17:03 413696 --a------ C:\Windows\system32\lxddinpa.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:03 323584 --a------ C:\Windows\system32\LXDDhcp.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:02 507904 --a------ C:\Windows\system32\lxddutil.dll <Not Verified; Lexmark International, Inc.; utilities DLL>
2007-08-31 13:17:02 999424 --a------ C:\Windows\system32\lxddusb1.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:02 397312 --a------ C:\Windows\system32\lxddiesc.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:01 1232896 --a------ C:\Windows\system32\lxddserv.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:01 163840 --a------ C:\Windows\system32\lxddprox.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:01 94208 --a------ C:\Windows\system32\lxddpplc.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:00 643072 --a------ C:\Windows\system32\lxddpmui.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:17:00 585728 --a------ C:\Windows\system32\lxddlmpm.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:16:59 143360 --a------ C:\Windows\system32\lxddjswr.dll <Not Verified; Lexmark International, Inc.; Jsw resource DLL>
2007-08-31 13:16:59 106496 --a------ C:\Windows\system32\lxddinsr.dll <Not Verified; Lexmark International, Inc.; Ins resource DLL>
2007-08-31 13:16:59 200704 --a------ C:\Windows\system32\lxddinsb.dll <Not Verified; Lexmark International, Inc.; INS bitmap resource DLL>
2007-08-31 13:16:59 176128 --a------ C:\Windows\system32\lxddins.dll <Not Verified; Lexmark International, Inc.; ins DLL>
2007-08-31 13:16:58 700416 --a------ C:\Windows\system32\lxddhbn3.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:16:57 208896 --a------ C:\Windows\system32\lxddgrd.dll <Not Verified; ; grd Dynamic Link Library>
2007-08-31 13:16:57 86016 --a------ C:\Windows\system32\lxddcub.dll <Not Verified; Lexmark International, Inc.; CU bitmap resource DLL>
2007-08-31 13:16:56 36864 --a------ C:\Windows\system32\lxddcur.dll <Not Verified; Lexmark International, Inc.; Cu resource DLL>
2007-08-31 13:16:56 77824 --a------ C:\Windows\system32\lxddcu.dll <Not Verified; Lexmark International, Inc.; Cu DLL>
2007-08-31 13:16:56 425984 --a------ C:\Windows\system32\lxddcomm.dll <Not Verified; ; Printer Communication System>
2007-08-31 13:16:55 684032 --a------ C:\Windows\system32\lxddcomc.dll <Not Verified; ; Printer Communication System>
2007-08-31 12:45:48 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-08-30 17:39:16 0 d-------- C:\Program Files\Common Files\Scanner
2007-08-29 19:08:29 0 d-------- C:\Program Files\TweakVI
2007-08-29 17:55:29 0 d-------- C:\Users\All Users\AOL OCP
2007-08-29 17:55:26 0 d-------- C:\Users\All Users\AOL
2007-08-29 17:35:54 0 d-------- C:\Users\All Users\CA
2007-08-29 17:35:49 0 d-------- C:\Program Files\CA
2007-08-29 17:18:47 0 d-------- C:\Program Files\iPod
2007-08-29 17:18:38 0 d-------- C:\Program Files\iTunes
2007-08-29 17:17:21 0 d-------- C:\Program Files\QuickTime
2007-08-29 17:17:18 0 d-------- C:\Users\All Users\Apple Computer
2007-08-29 17:16:50 0 d-------- C:\Program Files\Apple Software Update
2007-08-29 17:15:23 0 d-------- C:\Program Files\Common Files\Apple
2007-08-29 15:41:29 0 d-------- C:\sa130d6v13
2007-08-29 15:10:55 0 d-------- C:\Users\All Users\Adobe
2007-08-29 15:10:43 0 d-------- C:\Program Files\Common Files\Adobe
2007-08-29 14:34:48 841 --a------ C:\Windows\mozver.dat
2007-08-29 14:30:03 0 d-------- C:\Users\All Users\Viewpoint
2007-08-29 14:30:02 0 d-------- C:\Program Files\Viewpoint
2007-08-29 14:29:22 335 --a------ C:\Windows\nsreg.dat
2007-08-29 14:28:28 0 d-------- C:\Users\All Users\AOL Downloads
2007-08-29 14:21:07 0 d--h----- C:\Windows\msdownld.tmp
2007-08-29 14:20:48 0 d-------- C:\Windows\system32\directx
2007-08-29 13:55:45 0 d-------- C:\temp
2007-08-29 13:30:30 0 d-------- C:\Program Files\MSXML 4.0
2007-08-29 13:10:05 0 dr------- C:\Users\Mark\Searches
2007-08-29 13:09:26 0 dr------- C:\Users\Mark\Contacts
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\Templates
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\Start Menu
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\SendTo
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\Recent
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\PrintHood
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\NetHood
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\My Documents
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\Local Settings
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\Cookies
2007-08-29 13:09:09 0 d--hs---- C:\Users\Mark\Application Data
2007-08-29 13:09:07 0 d--h----- C:\Users\Mark\AppData
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Videos
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Saved Games
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Pictures
2007-08-29 13:09:06 1835008 --ahs---- C:\Users\Mark\ntuser.dat
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Music
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Links
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Favorites
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Downloads
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Documents
2007-08-29 13:09:06 0 dr------- C:\Users\Mark\Desktop
2007-08-29 03:37:13 0 d-------- C:\Users\All Users\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2007-08-29 03:37:04 0 d-------- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2007-08-29 03:35:28 0 d-------- C:\Program Files\Synaptics
2007-08-29 03:33:05 0 d-------- C:\Program Files\Atheros
2007-08-29 03:30:14 0 d-------- C:\Windows\system32\Lang
2007-08-29 03:30:12 0 d-------- C:\Intel
2007-08-29 03:23:30 0 d-------- C:\Users\All Users\Microsoft Help
2007-08-29 03:21:32 0 d-------- C:\Program Files\Microsoft Works
2007-08-29 03:17:13 0 d-------- C:\Windows\SoftwareDistribution
2007-08-29 03:12:44 0 d--hs---- C:\System Volume Information
2007-08-29 00:08:10 0 dr------- C:\Users\Kyle\Searches
2007-08-29 00:07:55 0 dr------- C:\Users\Kyle\Contacts
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Videos
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\Templates
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\Start Menu
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\SendTo
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Saved Games
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\Recent
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\PrintHood
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Pictures
2007-08-29 00:06:57 1835008 --ahs---- C:\Users\Kyle\ntuser.dat
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\NetHood
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\My Documents
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Music
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\Local Settings
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Links
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Favorites
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Downloads
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Documents
2007-08-29 00:06:57 0 dr------- C:\Users\Kyle\Desktop
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\Cookies
2007-08-29 00:06:57 0 d--hs---- C:\Users\Kyle\Application Data
2007-08-29 00:06:57 0 d--h----- C:\Users\Kyle\AppData


-- Find3M Report ---------------------------------------------------------------

2007-09-20 14:22:00 0 d-------- C:\Users\Kyle\AppData\Roaming\uTorrent
2007-09-18 23:01:13 0 d-------- C:\Users\Kyle\AppData\Roaming\Corel
2007-09-18 23:00:00 0 d-------- C:\Program Files\Common Files
2007-09-18 23:00:00 0 d-------- C:\Program Files\Common Files\InstallShield
2007-09-16 22:38:21 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-16 03:12:22 0 d-------- C:\Program Files\Windows Mail
2007-09-11 22:37:23 0 d-------- C:\Users\Kyle\AppData\Roaming\Miranda
2007-09-11 16:23:03 0 d-------- C:\Program Files\MSBuild
2007-09-11 11:15:32 0 d-------- C:\Users\Kyle\AppData\Roaming\Real
2007-09-07 10:01:46 0 d-------- C:\Users\Kyle\AppData\Roaming\NCH Swift Sound
2007-09-07 10:01:31 0 d-------- C:\Users\Kyle\AppData\Roaming\RecordPad
2007-09-07 09:58:16 0 d-------- C:\Users\Kyle\AppData\Roaming\Apple Computer
2007-09-06 13:54:21 0 d-------- C:\Users\Kyle\AppData\Roaming\FaxCtr
2007-09-05 16:28:42 0 d-------- C:\Users\Kyle\AppData\Roaming\Adobe
2007-08-31 19:03:20 0 d-------- C:\Users\Kyle\AppData\Roaming\Mozilla
2007-08-30 16:48:32 0 d-------- C:\Program Files\Google
2007-08-30 12:20:25 0 d-------- C:\Program Files\Windows Sidebar
2007-08-30 12:20:23 0 d-------- C:\Program Files\Yahoo!
2007-08-30 12:20:21 0 d-------- C:\Program Files\Common Files\SureThing Shared
2007-08-29 14:37:51 0 d-------- C:\Program Files\Java
2007-08-29 13:59:02 0 d-------- C:\Users\Kyle\AppData\Roaming\InstallShield
2007-08-29 13:53:28 174 --ahs---- C:\Program Files\desktop.ini
2007-08-29 13:49:22 0 d-------- C:\Program Files\Windows Calendar
2007-08-29 13:49:16 0 d-------- C:\Program Files\Windows Defender
2007-08-29 13:06:43 0 d-------- C:\Users\Kyle\AppData\Roaming\Macromedia
2007-08-29 00:32:36 0 d-------- C:\Users\Kyle\AppData\Roaming\Google
2007-08-29 00:07:58 0 d-------- C:\Users\Kyle\AppData\Roaming\Identities


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/27/2006 04:50 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [08/29/2007 01:43 PM]
"RtHDVCpl"="RtHDVCpl.exe" [11/09/2006 02:57 PM C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [12/20/2006 03:16 AM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 08:49 PM]
"NDSTray.exe"="NDSTray.exe" []
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [01/18/2006 08:06 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 04:00 AM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [08/16/2007 10:25 PM]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [08/14/2007 10:06 AM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [08/14/2007 10:06 AM]
"@"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 05:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 06:34 AM]
"KeyAccess"="C:\Windows\keyacc32.exe" [06/08/2007 01:00 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [08/24/2007 12:54 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [08/24/2007 12:54 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [08/24/2007 12:54 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/14/2007 10:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [11/10/2006 06:22 PM]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 08:35 AM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 08:36 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [8/31/2007 12:49:17 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 05/18/2007 02:30 PM 79368 C:\Windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=KATRACK.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HWSetup]
C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
"C:\Program Files\Lexmark 2500 Series\lxddamon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
"C:\Program Files\Lexmark 2500 Series\lxddmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PINGER]
C:\TOSHIBA\IVP\ISM\pinger.exe /run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordPadRun]
"C:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{377a596b-64ca-11dc-9acd-0016d4fc3df5}]
AutoRun\command- E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5197c3dc-6419-11dc-8829-0016d4fc3df5}]
AutoRun\command- G:\LaunchU3.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2007-09-20 17:16:55 ------------

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Premium (build 6000)
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2080 @ 1.73GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 1013.5 MiB / 482.34 MiB
Pagefile Memory (total/avail): 2278.75 MiB / 1441.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.8 MiB

C: is Fixed (NTFS) - 110.32 GiB total, 58.56 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (FAT32)
G: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - Hitachi HTS541612J9SA00 ATA Device - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 1500 MiB
\PARTITION1 (bootable) - Installable File System - 110.32 GiB - C:

\\.\PHYSICALDRIVE1 - Apple iPod USB Device - 27.95 GiB - 1 partition
\PARTITION0 - Unknown - 27.85 GiB - F:

\\.\PHYSICALDRIVE2 - Kingston DataTraveler 2.0 USB Device - 1945.37 MiB - 1 partition
\PARTITION0 - Unknown - 1947 MiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
FW: CA Personal Firewall 9.1.0.35 v9.1.0.35 (CA)
AV: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AV: McAfee VirusScan v (McAfee) Disabled
AS: McAfee VirusScan v (McAfee) Disabled
AS: Symantec AntiVirus v10.2.0.276 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled
AS: CA Anti-Spyware v9.1.0.22 (CA)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine"
"C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Kyle\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=KVENESS1
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Kyle
LOCALAPPDATA=C:\Users\Kyle\AppData\Local
LOGONSERVER=\\KVENESS1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Kyle\AppData\Local\Temp
TMP=C:\Users\Kyle\AppData\Local\Temp
USERDOMAIN=KVENESS1
USERNAME=Kyle
USERPROFILE=C:\Users\Kyle
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Kyle (admin)
Mark (admin)
User


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\InstallShield Installation Information\{ACA293BD-7D6B-4763-8C91-05287E666A8C}\setup.exe -runfromtemp -l0x0009
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
ABBYY FineReader 6.0 Sprint --> MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Atheros Driver Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
Bejeweled 2 Deluxe --> "C:\Program Files\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
Blackhawk Striker 2 --> "C:\Program Files\TOSHIBA Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3 --> "C:\Program Files\TOSHIBA Games\Blasterball 3\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
CA Internet Security Suite --> "C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
CD/DVD Drive Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe" -l0x9
Chuzzle Deluxe --> "C:\Program Files\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
Command & Conquer The First Decade --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}\setup.exe" -l0x9 -removeonly
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
DC++ 0.699 --> "C:\Program Files\DC++\uninstall.exe"
Desktop Dialer --> C:\Windows\unvise32.exe C:\Program Files\DesktopDialer\uninstal.log
DVD MovieFactory for TOSHIBA --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Express Rip --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FATE --> "C:\Program Files\TOSHIBA Games\FATE\Uninstall.exe"
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
HijackThis 2.0.2 --> "C:\Users\Kyle\Desktop\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
ISO Recorder --> MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92}
iTunes --> MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
JEOPARDY --> "C:\Program Files\TOSHIBA Games\JEOPARDY\Uninstall.exe"
Lexmark 2500 Series --> C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions --> C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft Money Essentials --> "C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries --> MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft MSDN 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTSa22.inf, Uninstall
Microsoft Visual Basic 2005 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Basic 2005 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2005 Express Edition - ENU --> MsiExec.exe /X{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747) --> C:\Windows\system32\msiexec.exe /promptrestart /uninstall {355AD171-6294-4265-95EC-741E081E98F3} /package {577AD794-8B34-40B4-9E7A-BE4CFFE396E6}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Miranda IM 0.6.8 --> C:\Program Files\Miranda IM\uninstall.exe
Mozilla Firefox (2.0.0.7) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Penguins! --> "C:\Program Files\TOSHIBA Games\Penguins!\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista --> C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
RecordPad Sound Recorder --> C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
Sassafras K2 Client --> MsiExec.exe /I{E23D1D2C-1762-11D5-A8D2-00C04FA35723}
SCRABBLE --> "C:\Program Files\TOSHIBA Games\SCRABBLE\Uninstall.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB936509) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A00724F5-82C4-4924-B707-0E5A84B52471}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB936514) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C7A78F7F-EF32-4477-BAD7-3439EA7571BF}
Security Update for Publisher 2007 (KB936646) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A32E4BAF-6477-45FA-B8AB-E743FA8D63FF}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Symantec AntiVirus --> MsiExec.exe /I{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{F7B05784-334C-4F76-8BAB-30ABEB7FD534}\setup.exe -runfromtemp -l0x0409
TOSHIBA Assist --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe" -l0x9
TOSHIBA ConfigFree --> C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe -runfromtemp -l0x0009uninstall -removeonly
TOSHIBA Disc Creator --> MsiExec.exe /I{5DA0E02F-970B-424B-BF41-513A5018E4C0}
TOSHIBA Extended Tiles for Windows Mobility Center --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{617C36FD-0CBE-4600-84B2-441CEB12FADF} /l1033
TOSHIBA Flash Cards Support Utility --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{620BBA5E-F848-4D56-8BDA-584E44584C5E}
TOSHIBA Game Console --> "C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
TOSHIBA Hardware Setup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5279374D-87FE-4879-9385-F17278EBB9D3} /l1033
TOSHIBA Media Center Game Console --> "C:\Program Files\TOSHIBA Games\TOSHIBA Media Center Game Console\Uninstall.exe"
Toshiba Registration --> MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
TOSHIBA SD Memory Utilities --> MsiExec.exe /X{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA Software Upgrades --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
TOSHIBA Speech System Applications --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
TOSHIBA Speech System SR Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
TOSHIBA Speech System TTS Engine(U.S.) Version1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
TOSHIBA Supervisor Password --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE} /l1033
TOSHIBA Value Added Package --> C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB937608) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CBB2454D-193F-4523-8A31-FEB343B7C30E}
Update for Outlook 2007 Junk Email Filter (kb936644) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65}
Update for Word 2007 (KB934173) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinDVD for TOSHIBA --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
Yahoo! Music Jukebox --> "C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type7542 / Warning
Event Submitted/Written: 09/20/2007 02:24:37 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type7540 / Warning
Event Submitted/Written: 09/20/2007 02:24:37 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type7539 / Warning
Event Submitted/Written: 09/20/2007 02:24:37 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type7538 / Warning
Event Submitted/Written: 09/20/2007 02:24:37 PM
Event ID/Source: 42 / Symantec AntiVirus
Event Description:
Auto-Protect Error: Auto-Protect is unable to block security risks.

Event Record #/Type7537 / Success
Event Submitted/Written: 09/20/2007 02:24:27 PM
Event ID/Source: 88 / UmxAgent
Event Description:
Sync client C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe registered successfully



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type20280 / Error
Event Submitted/Written: 09/20/2007 02:30:13 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{B77590ED-1CA5-4116-8C6D-32E84BF21D59}.
The backup browser is stopping.

Event Record #/Type20279 / Warning
Event Submitted/Written: 09/20/2007 02:27:49 PM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser service was unable to retrieve a list of servers from the browser master \\CRAKOWSK on the network \Device\NetBT_Tcpip_{B77590ED-1CA5-4116-8C6D-32E84BF21D59}.



Browser master: \\CRAKOWSK

Network: \Device\NetBT_Tcpip_{B77590ED-1CA5-4116-8C6D-32E84BF21D59}



This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.

Event Record #/Type20258 / Error
Event Submitted/Written: 09/20/2007 02:25:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Tosrfcom

Event Record #/Type20157 / Error
Event Submitted/Written: 09/20/2007 02:22:33 PM
Event ID/Source: 10010 / DCOM
Event Description:
{C2BFE331-6739-4270-86C9-493D9A04CD38}

Event Record #/Type20155 / Warning
Event Submitted/Written: 09/20/2007 02:20:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-09-20 17:16:55 ------------

#9 Yourhighness
    The BSG Malware Fighter
  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 22 September 2007 - 01:03 AM

Hey Commie,

Thanks for posting back. If you are not using the CA antivirus, I don't see a problem.

As for the version, your scan only shows "Vista" and I was wondering which edition you have (Ultimate, Home Basic, Home Premium, Business, etc.).
This question has been answered with one of the last logs though; showing "Microsoft® Windows Vista™ Home Premium (build 6000)"

Thanks for answering in regards to the printer. There was one entry in the previous log, which led me to assume so but I wanted confirmation :thumbsup: .

Step #1

It looks like you got two firewalls running. This is not a good idea, as they can block each other and cause system lags.
Please either remove McAfee Personal Firewall or the one being part of CA Internet Security.

Step #2

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". From what we know, this will change in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

Step #3

I see you are using peer-to-peer software. If you use P2P software, make sure you are careful about what you open and which P2P program you install. Malware is all over the P2P networks, and the programs often come bundled with adware and spyware.

Further readings of interest in regards to the p2p "issue" are: http://pcpitstop.com/spycheck/p2p.asp and this: http://pcpitstop.com/spycheck/badtorrent.asp

Step #4

NB: [4] requires a registry edit and should only be done with great care and with backups prepared beforehand. Please look into [1] to [3] before continuing, and let me know before you go on to [4]!


Your log shows several errors. Please check these out:

[1] Type20258 - Toshiba related error
[2] Type20157 - Intel Vista graphics driver
[3] Type20155 - TCP/IP related
[4] 8021 - Browser error related to network settings

Step #5

To speed up your PC you should consider disabling the following services running at startup:
  • Apple Mobile Device
  • StarWindServiceAE (Alcohol 120 related)
Step #6

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.
Step #7

Please post back with a fresh HijackThis log and the F-Secure Onlinescan report.

Thanks

"How did I get infected?" - "Safe-hex" - Member of UNITE -


#10 Commie
  • Topic Starter
  • Members
  • 30 posts
  • Gender:Male

Posted 22 September 2007 - 11:50 PM

Scanning Report
Saturday, September 22, 2007 23:35:47 - 00:39:10

Computer name: KVENESS1
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 0 malware found
Statistics
Scanned:

* Files: 49522
* System: 0
* Not scanned: 0

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-09-21
* F-Secure AVP: 7.0.171, 2007-09-21
* F-Secure Orion: 1.2.37, 2007-09-21
* F-Secure Blacklight: 1.0.64
* F-Secure Pegasus: 1.19.0, 2007-08-18

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD LSP MAP MHT MIF PHP POT WMF NWS TAR
* Use Advanced heuristics

___________________________________________________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:31 AM, on 9/23/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {A4069847-C342-48E2-9257-01A24E5C78EA} (F-Secure Online Scanner 3.2) - http://support.f-secure.com/ols3beta/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 8489 bytes

#11 Yourhighness
    The BSG Malware Fighter
  • Malware Response Team
  • 7,943 posts
  • Gender:Male
  • Location:Hamburg

Posted 24 September 2007 - 11:14 PM

Hey Commie,

Are you still receiving BSODs? Did you do anything in regards to the error messages?
From a malware / spyware perspective I cannot see anything anymore, from what your logs showed.
It seems to be more of a driver / software issue. For further troubleshooting, please try this:

Start >> type "event viewer" into the Vista Start search box.

This should show you an icon for the event viewer. Click it and see what the viewer gives for details.
Report them in the software forum, or in the hardware forum.

Sorry to not be of more help and thanks for your patience.

Johannes


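The four event types singled out in Step #4 of post #9 and the Event Viewer instruction in the post above come down to the same job: pull the Error and Warning records out of the log and report each one with its ID, source and description. The Python script below does that for the event-log section of a Deckard's System Scanner report. It is an added example, not code from this thread, from DSS, or from any other tool mentioned here; the sample text is a constructed excerpt of the report posted above, and the triage notes in HINTS are this example's own (what Windows documents those event IDs to mean), not the helper's words.

```python
"""Summarise the Error/Warning records in the event-log section of a
Deckard's System Scanner (DSS) report, as the helper's Step #4 asks.
Added example for this thread, not part of DSS or any tool named above.
SAMPLE is a constructed excerpt of the report posted here; the HINTS
text is this example's own triage notes, not anything from the thread."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: four System Event Log records from the DSS report above.
SAMPLE = """\
-- System Event Log ------------------------------------------------------------

Event Record #/Type20280 / Error
Event Submitted/Written: 09/20/2007 02:30:13 PM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \\Device\\NetBT_Tcpip_{B77590ED-1CA5-4116-8C6D-32E84BF21D59}.
The backup browser is stopping.

Event Record #/Type20258 / Error
Event Submitted/Written: 09/20/2007 02:25:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
Tosrfcom

Event Record #/Type20157 / Error
Event Submitted/Written: 09/20/2007 02:22:33 PM
Event ID/Source: 10010 / DCOM
Event Description:
{C2BFE331-6739-4270-86C9-493D9A04CD38}

Event Record #/Type20155 / Warning
Event Submitted/Written: 09/20/2007 02:20:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

-- End of Deckard's System Scanner: finished at 2007-09-20 17:16:55 ------------
"""

RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
WRITTEN_RE = re.compile(r"^Event Submitted/Written: (.+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (\d+) / (.+)$")

@dataclass
class EventRecord:
    record: int
    level: str  # Error / Warning / Success / Information
    written: str = ""
    event_id: int = 0
    source: str = ""
    description: list = field(default_factory=list)

def parse_dss_events(text):
    """Walk the DSS text and collect one EventRecord per 'Event Record' header."""
    records, current, in_desc = [], None, False
    for line in (ln.rstrip() for ln in text.splitlines()):
        if m := RECORD_RE.match(line):  # new record header
            current = EventRecord(int(m.group(1)), m.group(2))
            records.append(current)
            in_desc = False
        elif line.startswith("-- "):  # DSS section header/footer ends a record
            current, in_desc = None, False
        elif current is None:
            continue
        elif in_desc:  # descriptions span lines and may contain blank lines
            if line:
                current.description.append(line)
        elif m := WRITTEN_RE.match(line):
            current.written = m.group(1)
        elif m := IDSRC_RE.match(line):
            current.event_id, current.source = int(m.group(1)), m.group(2).strip()
        elif line == "Event Description:":
            in_desc = True
    return records

# What Windows logs each (source, id) for; these are the pairs from Step #4.
HINTS = {
    ("Service Control Manager", 7026): "boot/system-start driver failed to load; description names it",
    ("DCOM", 10010): "COM server did not register in time; resolve the CLSID under HKCR\\CLSID",
    ("Tcpip", 4226): "half-open TCP connect limit hit; typical of P2P clients or network scanning",
    ("BROWSER", 8021): "Computer Browser could not reach the master browser; usually transient",
    ("BROWSER", 8032): "Computer Browser gave up on the backup list; usually transient",
}

def summarise(records, levels=("Error", "Warning")):
    """One line per distinct (level, source, id): count plus triage note, Errors first."""
    counts = Counter((r.level, r.source, r.event_id) for r in records if r.level in levels)
    return [f"{lvl:8}{src:24}{eid:6} x{n:<3} {HINTS.get((src, eid), 'no note; look it up')}"
            for (lvl, src, eid), n in sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1]))]

def records_to_post(records, levels=("Error", "Warning")):
    """Compact lines to paste back into a help thread (description trimmed to 100 chars)."""
    return [f"{r.written}  {r.level}  {r.event_id}/{r.source}: {' '.join(r.description)[:100]}"
            for r in records if r.level in levels]

if __name__ == "__main__":
    print("\n".join(summarise(parse_dss_events(SAMPLE)) + records_to_post(parse_dss_events(SAMPLE))))
```

Run it as-is to see the summary for the sample; to use it on another DSS report, read the file and hand its text to parse_dss_events. The output of records_to_post is the compact form worth pasting back into a thread: timestamp, level, ID/source and the first line or so of the description, which is the same information Event Viewer shows for each entry.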

#12 Commie
  • Topic Starter
  • Members
  • 30 posts
  • Gender:Male

Posted 25 September 2007 - 12:30 AM

Unfortunately I am still receiving BSODs. But thank you for the help as I'm sure there would have been more problems down the road if I had not started this thread. I'll check out your suggestions and see what I can do. Thanks again.

Although, I am confused as to what exactly I should be posting from the event viewer.

Edited by Commie, 25 September 2007 - 12:32 AM.




