Keeps Prompting For Admin Account


34 replies to this topic

#1 powerjuce (Members)

Posted 29 March 2008 - 08:18 PM

Hey all,
I have a problem.
I am constantly asked for admin-level restrictions when I use my computer.
I ran all the programs asked and here is the HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:06:36 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cain\Abel.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Process Lasso\processgovernor.exe
C:\WINDOWS\system32\tcpsvcs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Process Lasso\ProcessSupervisor.exe
C:\Program Files\Executor\Executor.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ProcessGovernor] C:\Program Files\Process Lasso\processgovernor.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ProcessSupervisorGUI] C:\Program Files\Process Lasso\ProcessSupervisor.exe /tray
O4 - HKCU\..\Run: [Executor] "C:\Program Files\Executor\Executor.exe" -s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187282927777
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O23 - Service: Abel - oxid.it - C:\Program Files\Cain\Abel.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: US30Service - Unknown owner - C:\Documents and Settings\Owner\My Documents\Prateek\US30Service.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 8689 bytes
sorry some lines wrap
If it is easier here is the actual log file

[attachment=4356:hijackthis.log]
Thank you for all your help
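A triage pass over the kind of HijackThis lines posted above, added here as an example and not part of the thread or of HijackThis itself: it parses O4 (Run/Startup) and O23 (Service) entries and flags the items a helper usually looks at first, namely entries whose file is missing, services with an unknown owner, and programs launching from inside the user profile. The sample lines are copied from the log above; the flagging rules are this example's own heuristics, not anything the tool reports.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Startprograms.lnk = C:\Documents and Settings\Owner\Desktop\AutoIT\Startprograms.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O23 - Service: Abel - oxid.it - C:\Program Files\Cain\Abel.exe
O23 - Service: US30Service - Unknown owner - C:\Documents and Settings\Owner\My Documents\Prateek\US30Service.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe
"""

# Every HJT line starts with a section code such as R1, O4 or O23, then " - ".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global |)Startup: (?P<name>.+?) = (?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
# First quoted or unquoted drive-letter path that ends in an executable extension.
PATH_RE = re.compile(
    r'"?(?P<path>[A-Za-z]:\\[^"]*?\.(?:exe|dll|bat|cmd|scr|com))(?:"|\s|$)', re.IGNORECASE
)


@dataclass
class Entry:
    code: str
    name: str
    owner: Optional[str]
    path: Optional[str]
    raw: str
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one HijackThis log line into an Entry, or None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    owner = None
    if code == "O4":
        sub = RUN_RE.match(body) or STARTUP_RE.match(body)
        name, cmd = (sub.group("name"), sub.group("cmd")) if sub else (body, body)
    elif code == "O23":
        sub = SERVICE_RE.match(body)
        if sub:
            name, owner, cmd = sub.group("name"), sub.group("owner"), sub.group("cmd")
        else:
            name, cmd = body, body
    else:
        # Other sections (R0-R3, O2, O9, ...): the text before the first " - " names the item.
        name, cmd = body.split(" - ", 1)[0], body
    pm = PATH_RE.search(cmd)
    return Entry(code, name, owner, pm.group("path") if pm else None, line.strip())


def assess(entry: Entry) -> Entry:
    """Attach the reasons (heuristics of this example) why an entry deserves a closer look."""
    low = entry.raw.lower()
    if "(file missing)" in low or "(no file)" in low:
        entry.reasons.append("file missing")
    if entry.owner and entry.owner.lower() == "unknown owner":
        entry.reasons.append("unknown owner")
    if entry.path and "\\documents and settings\\" in entry.path.lower():
        entry.reasons.append("user-profile path")
    return entry


def triage(log_text: str) -> List[Entry]:
    """Return only the entries that picked up at least one reason, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and assess(entry).reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.name:<32} {', '.join(f.reasons)}")
```

Entries that pass these checks (the WinVNC and Abel lines, for instance) are not thereby cleared; the helper still asks whether the user installed them, as happens in the next reply.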

#2 Blender (Malware Response Team)

Posted 11 April 2008 - 01:11 PM

Hi powerjuce,

Are you still having problems?
If so -- post a fresh hijackthis log here please.

Questions:

Did you install Cain/Abel?

This program gives me mixed results when I research:
C:\Program Files\Executor\Executor.exe

Do you know what it is?

----------------

If you still get those admin prompts --
Can you tell me exactly what the prompt window says?

How to:
Next time you get one of those prompts, make sure that prompt window has "focus", then press "Ctrl+C" on the keyboard.
Open Notepad, right-click inside the open Notepad window, then hit "Paste".
Doing that copies the contents of the message.

Save that notepad file someplace you will remember.
Post its contents here.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#3 powerjuce (Topic Starter, Members)

Posted 14 April 2008 - 05:58 PM

Hey Blender... sorry for getting back late... thanks for helping.

Did you install Cain/Abel?

Yes, I did.

This program gives me mixed results when I research:
C:\Program Files\Executor\Executor.exe

It is valid... It is a text-based launcher.
This is the site

here is the message

---------------------------
System Configuration
---------------------------
An Access Denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes.
---------------------------
OK   
---------------------------

And do you want a new log?

Edited by powerjuce, 14 April 2008 - 06:00 PM.


#4 Blender (Malware Response Team)

Posted 15 April 2008 - 05:40 AM

Hi,

Thanks for the error message printout.
Sounds like a restriction set someplace.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.


Thanks :thumbsup:

#5 powerjuce (Topic Starter, Members)

Posted 15 April 2008 - 07:14 PM

Here you go, enjoy.
(main.txt)
Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-15 18:43:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 5 Restore Point(s) --
20: 2008-04-15 22:40:37 UTC - RP275 - Deckard's System Scanner Restore Point
19: 2008-04-12 20:23:28 UTC - RP274 - Installed HP Update
18: 2008-04-12 20:23:05 UTC - RP273 - Removed HP Software Update
17: 2008-04-12 20:16:11 UTC - RP272 - System Checkpoint
16: 2008-04-08 22:43:48 UTC - RP271 - Software Distribution Service 3.0


-- First Restore Point -- 
1: 2008-03-19 19:25:19 UTC - RP256 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 383 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:45:51 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Cain\Abel.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\TightVNC\WinVNC.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Executor\Executor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Process Lasso\ProcessSupervisor.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Startprograms.lnk = C:\Documents and Settings\Owner\Desktop\AutoIT\Startprograms.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187282927777
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O23 - Service: Abel - oxid.it - C:\Program Files\Cain\Abel.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: US30Service - Unknown owner - C:\Documents and Settings\Owner\My Documents\Prateek\US30Service.exe (file missing)
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 8379 bytes

-- File Associations -----------------------------------------------------------

.ini - unable to read key
.ini - unable to read key
.txt - unable to read key
.txt - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 HFXP2 - c:\windows\system32\drivers\hfxp2.sys <Not Verified; FSPro Labs; Hide Folders XP>
R0 MPRIFL - c:\windows\system32\drivers\mprifl.sys <Not Verified; FSPro Labs; My Private Folder>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 US30Sys - c:\windows\system32\drivers\us30xp.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 cdenable - c:\windows\system32\drivers\cdenable.sys
R2 ssoftnt4 - c:\windows\system32\drivers\ssoftnt4.sys
R3 US30Kbd - c:\windows\system32\drivers\us30kbd2k.sys

S3 BCM43XX (BCM 802.11b Network Adapter Driver) - c:\windows\system32\drivers\bcmwl5.sys (file missing)
S3 nocashio - c:\windows\system32\drivers\nocashio.sys
S3 TIEHDUSB - c:\windows\system32\drivers\tiehdusb.sys <Not Verified; Texas Instruments Incorporated; Texas Instruments Incorporated Educational Handheld Device>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Abel - c:\program files\cain\abel.exe <Not Verified; oxid.it; Abel>
R2 winvnc (VNC Server) - "c:\program files\tightvnc\winvnc.exe" -service <Not Verified; TightVNC Group; TightVNC Win32 Server>

S2 US30Service - c:\documents and settings\Owner\my documents\prateek\us30service.exe (file missing)
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 ssoftservice (Cryptainer service) - ssoftsrv.exe <Not Verified; Cypherix; Cryptainer>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-15 18:05:02	   338 --a------ C:\WINDOWS\Tasks\GlaryInitialize.job
2008-04-09 20:56:06	   284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-08-14 15:36:04	   376 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-08-14 15:36:00	   378 --a------ C:\WINDOWS\Tasks\McQcTask.job


-- Files created between 2008-03-15 and 2008-04-15 -----------------------------

2008-04-09 20:30:06		 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-04-07 20:33:59		 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-04-07 20:33:37		 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-04-07 20:33:34		 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-04-07 20:33:03		 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-04-05 22:30:52		 0 d-------- C:\Documents and Settings\Owner\Application Data\GlarySoft
2008-04-05 22:17:29		 0 d-------- C:\Program Files\Glary Utilities
2008-03-29 22:12:06	 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
2008-03-29 22:12:05	 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
2008-03-29 22:11:39		 0 d-------- C:\Program Files\Sygate
2008-03-29 21:05:15		 0 d-------- C:\Program Files\Trend Micro
2008-03-29 18:03:56		 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-29 13:30:43		 0 d-------- C:\Program Files\Lavasoft
2008-03-29 13:30:41		 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-28 23:21:27		 0 d-------- C:\Downloads
2008-03-28 23:20:02		 0 d-------- C:\Documents and Settings\Owner\Application Data\Free Download Manager
2008-03-28 23:19:45		 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2008-03-28 23:19:42		 0 d-------- C:\Program Files\Free Download Manager
2008-03-27 19:38:29		 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-03-22 18:33:49		 0 d-------- C:\Documents and Settings\Owner\Application Data\ProcessLasso
2008-03-22 18:33:39		 0 d-------- C:\Program Files\Process Lasso
2008-03-19 14:22:17		 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-03-19 14:13:54		 0 d-------- C:\WINDOWS\pss
2008-03-16 17:35:31		 0 d-------- C:\Documents and Settings\Owner\Application Data\RetroShare


-- Find3M Report ---------------------------------------------------------------

2008-03-23 21:04:40	   375 --a------ C:\AUTOEXEC.BAT
2008-03-12 20:51:18		 0 d-------- C:\Program Files\Common Files\HP
2008-02-26 21:52:14	  2007 --a------ C:\WINDOWS\system32\loc.bat
2008-02-26 18:41:04	 14693 --a------ C:\WINDOWS\mozver.dat
2008-02-23 20:38:30		 0 d-------- C:\Documents and Settings\Owner\Application Data\Executor
2008-02-23 20:38:20		 0 d-------- C:\Program Files\Executor
2008-02-21 17:15:26		 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-21 17:15:04		 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-21 17:14:38		 0 d-------- C:\Program Files\Common Files\Download Manager
2008-02-17 12:44:40		 0 d-------- C:\Documents and Settings\Owner\Application Data\Inkscape
2008-01-26 16:42:18	 40960 --a------ C:\WINDOWS\system32\pngout.exe
2008-01-26 16:41:16		40 --a------ C:\WINDOWS\system32\pangout.bat
2008-01-26 16:40:20		93 --a------ C:\WINDOWS\system32\upax.bat
2008-01-26 16:40:00		40 --a------ C:\WINDOWS\system32\cleanup.bat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [11/25/2003 12:36 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [05/07/2007 07:28 PM]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [10/15/2004 07:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:00 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE [7/11/1997]
Microsoft Office Shortcut Bar.lnk - C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE [7/11/1997]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [7/11/1997]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
Startprograms.lnk - C:\Documents and Settings\Owner\Desktop\AutoIT\Startprograms.exe [4/7/2008 7:52:39 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"=1 (0x1)
"AllowUnhashedWebView"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TaskMgr.exe]
Debugger=C:\WINDOWS\SYSTEM32\DTaskManager.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
"C:\Program Files\Unlocker\UnlockerAssistant.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Stuffit Archive Name Service"=2 (0x2)
"ssoftservice"=2 (0x2)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
AutoRun\command- X:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45753df0-abff-11dc-852f-000e2eaad27d}]
AutoRun\command- F:\Apps\PS\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{493e2ae0-6886-11dc-84b7-000e2eaad27d}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{493e2ae1-6886-11dc-84b7-000e2eaad27d}]
AutoRun\command- F:\PS\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72777bae-7bf3-11db-8423-001150b6f20f}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{72777baf-7bf3-11db-8423-001150b6f20f}]
AutoRun\command- H:\PortableApps\PS\PStart.exe




-- End of Deckard's System Scanner: finished at 2008-04-15 18:48:30 ------------


Now extra.txt:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel Celeron processor
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 382.48 MiB / 120.31 MiB
Pagefile Memory (total/avail): 537.68 MiB / 216.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.93 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 27.94 GiB total, 4.7 GiB free. 
D: is CDROM (No Media)
E: is CDROM (No Media)
Z: is Fixed (FAT32) - 27.94 GiB total, 4.7 GiB free. 

\\.\PHYSICALDRIVE0 - WDC WD300AB-72BVA0 - 27.95 GiB - 1 partition
  \PARTITION0 (bootable) - Unknown - 27.95 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Messenger\\MSMSGS.EXE"="C:\\Program Files\\Messenger\\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"c:\\windows\\system32\\prmrsr.exe"="c:\\windows\\system32\\prmrsr.exe:*:Enabled:prmrsr.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Owner\\Application Data\\U3\\0000060505116910\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"="C:\\Documents and Settings\\Owner\\Application Data\\U3\\0000060505116910\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe:*:Enabled:Skype"
"G:\\Mainportableapps\\PortableApps\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe"="G:\\Mainportableapps\\PortableApps\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Java\\jre1.5.0_09\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_09\\BIN\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
"C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_02\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\ACSPMonitor\\ASMonitor.exe"="C:\\Program Files\\ACSPMonitor\\ASMonitor.exe:*:Enabled:System"
"H:\\Mainportableapps\\PortableApps\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe"="H:\\Mainportableapps\\PortableApps\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Kaboodle\\Kaboodle.exe"="C:\\Program Files\\Kaboodle\\Kaboodle.exe:*:Enabled:Kaboodle.exe"
"C:\\Program Files\\Kaboodle\\Kaboodle Helper\\vncviewer.exe"="C:\\Program Files\\Kaboodle\\Kaboodle Helper\\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\\Program Files\\Kaboodle\\Kaboodle Helper\\WinVNC.exe"="C:\\Program Files\\Kaboodle\\Kaboodle Helper\\WinVNC.exe:*:Enabled:WinVNC.exe"
"C:\\Program Files\\Kaboodle\\Kaboodle Helper\\zebedee.exe"="C:\\Program Files\\Kaboodle\\Kaboodle Helper\\zebedee.exe:*:Enabled:zebedee.exe"
"C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle.exe:*:Enabled:Kaboodle.exe"
"C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle Helper\\vncviewer.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle Helper\\vncviewer.exe:*:Enabled:vncviewer.exe"
"C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle Helper\\WinVNC.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle Helper\\WinVNC.exe:*:Enabled:WinVNC.exe"
"C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle Helper\\zebedee.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Kaboodle\\Kaboodle Helper\\zebedee.exe:*:Enabled:zebedee.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\Owner\\Desktop\\PortableSkype\\skype\\Skype.exe"="C:\\Documents and Settings\\Owner\\Desktop\\PortableSkype\\skype\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\MirandaPortable\\program\\miranda32.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\MirandaPortable\\program\\miranda32.exe:*:Enabled:Miranda IM"
"H:\\Mainportableapps\\PortableApps\\PortableApps\\PortableSkype\\skype\\Skype.exe"="H:\\Mainportableapps\\PortableApps\\PortableApps\\PortableSkype\\skype\\Skype.exe:*:Enabled:Skype"
"H:\\Mainportableapps\\MirandaPortable\\App\\miranda\\miranda32.exe"="H:\\Mainportableapps\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\BIN\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe"="H:\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Documents and Settings\\Owner\\Desktop\\babywebssl\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\babywebssl\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\WINDOWS\\System32\\java.exe"="C:\\WINDOWS\\System32\\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Program Files\\TightVNC\\WinVNC.exe"="C:\\Program Files\\TightVNC\\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\\Program Files\\TightVNC\\vncviewer.exe"="C:\\Program Files\\TightVNC\\vncviewer.exe:*:Enabled:vncviewer"
"C:\\Documents and Settings\\Owner\\Desktop\\Uniform Server\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Uniform Server\\udrive\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"C:\\Documents and Settings\\Owner\\Desktop\\Uniform Server\\udrive\\usr\\local\\apache2\\bin\\Apache.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Uniform Server\\udrive\\usr\\local\\apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Owner\\Desktop\\ASP CD ADD THESE FILES\\ASPCD\\settings\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\ASP CD ADD THESE FILES\\ASPCD\\settings\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\Desktop\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\babyweb2\\babyweb.exe"="C:\\babyweb2\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\ASPCD\\babyweb.exe"="C:\\ASPCD\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Program Files\\BabyWeb\\babyweb.exe"="C:\\Program Files\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\Desktop\\ASPPortable\\App\\BabyWeb\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\ASPPortable\\App\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\Desktop\\Copy of ASPPortable\\App\\BabyWeb\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Copy of ASPPortable\\App\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"H:\\PortableApps\\ASPPortable\\App\\BabyWeb\\babyweb.exe"="H:\\PortableApps\\ASPPortable\\App\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\Desktop\\Abyss Web Server\\abyssws.exe"="C:\\Documents and Settings\\Owner\\Desktop\\Abyss Web Server\\abyssws.exe:*:Enabled:Abyss Web Server X1"
"C:\\Documents and Settings\\Owner\\Desktop\\php2\\ES-V100July2006\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe"="C:\\Documents and Settings\\Owner\\Desktop\\php2\\ES-V100July2006\\diskw\\usr\\local\\mysql\\bin\\mysqld-opt.exe:*:Enabled:mysqld-opt"
"C:\\Documents and Settings\\Owner\\Desktop\\php2\\ES-V100July2006\\diskw\\usr\\local\\apache2\\bin\\Apache.exe"="C:\\Documents and Settings\\Owner\\Desktop\\php2\\ES-V100July2006\\diskw\\usr\\local\\apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\xampplite\\apache\\bin\\apache.exe"="C:\\xampplite\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Documents and Settings\\Owner\\Desktop\\REST2514\\ASPCD\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\REST2514\\ASPCD\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\flashdump\\MirandaPortable\\App\\miranda\\miranda32.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\flashdump\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Documents and Settings\\Owner\\Desktop\\X-ChatPortable\\App\\x-chat\\xchat.exe"="C:\\Documents and Settings\\Owner\\Desktop\\X-ChatPortable\\App\\x-chat\\xchat.exe:*:Enabled:X-Chat IRC Client"
"C:\\Documents and Settings\\Owner\\Desktop\\drjava-stable-20080106-0744.exe"="C:\\Documents and Settings\\Owner\\Desktop\\drjava-stable-20080106-0744.exe:*:Enabled:drjava-stable-20080106-0744"
"C:\\Documents and Settings\\Owner\\Desktop\\CS2D\\CS2D.exe"="C:\\Documents and Settings\\Owner\\Desktop\\CS2D\\CS2D.exe:*:Enabled:CS2D"
"C:\\Documents and Settings\\Owner\\Desktop\\alldirs\\ASPCD\\BabyWeb\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\alldirs\\ASPCD\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\Desktop\\New Folder (2)\\BabyWeb\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\New Folder (2)\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\PortableTor\\App\\tor.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\PortableTor\\App\\tor.exe:*:Enabled:tor"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\ASPPortable\\App\\BabyWeb\\babyweb.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\ASPPortable\\App\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\WINDOWS\\System32\\dplaysvr.exe"="C:\\WINDOWS\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Documents and Settings\\Owner\\Desktop\\alldirs\\ASPPortable\\BabyWeb\\babyweb.exe"="C:\\Documents and Settings\\Owner\\Desktop\\alldirs\\ASPPortable\\BabyWeb\\babyweb.exe:*:Enabled:Baby Web Server"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\FirefoxPortable\\App\\firefox\\FireFox1.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\FirefoxPortable\\App\\firefox\\FireFox1.exe:*:Enabled:Firefox"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\PortableTor\\App\\PortableTor\\Tor.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\PortableTor\\App\\PortableTor\\Tor.exe:*:Enabled:Tor"
"C:\\Documents and Settings\\Owner\\Desktop\\APCS\\DR Java\\DrJava.exe"="C:\\Documents and Settings\\Owner\\Desktop\\APCS\\DR Java\\DrJava.exe:*:Enabled:DrJava"
"C:\\Documents and Settings\\Owner\\Desktop\\HfsPortable\\App\\HFS\\hfs.exe"="C:\\Documents and Settings\\Owner\\Desktop\\HfsPortable\\App\\HFS\\hfs.exe:*:Enabled:hfs"
"C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\X-ChatPortable\\App\\x-chat\\xchat.exe"="C:\\Documents and Settings\\Owner\\My Documents\\Prateek\\Locker\\PortableApps\\X-ChatPortable\\App\\x-chat\\xchat.exe:*:Enabled:X-Chat IRC Client"
"C:\\Documents and Settings\\Owner\\Desktop\\MirandaPortable\\App\\miranda\\miranda32.exe"="C:\\Documents and Settings\\Owner\\Desktop\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Documents and Settings\\Owner\\DESKTOP\\cs2d_0104\\CounterStrike2D.exe"="C:\\Documents and Settings\\Owner\\DESKTOP\\cs2d_0104\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILYROOM
ComSpec=C:\WINDOWS\system32\cmd.exe
defs=C:\Documents
drive=C:\ASPCD\host
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\FAMILYROOM
main=C:\Documents and settings\Owner\desktop
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
PANGO_WIN32_NO_UNISCRIBE=anything
Path=C:\Documents and Settings\Owner\Desktop\test\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Universal Extractor\bin;C:\PROGRA~1\TIEDUC~1\TI-83P~1\UTILS;C:\WINDOWS;C:\WINDOWS\COMMAND
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER\LOCALS~1\Temp
TI83PLUSDIR=C:\PROGRA~1\TIEDUC~1\TI-83P~1
TMP=C:\DOCUME~1\OWNER\LOCALS~1\Temp
USERDOMAIN=FAMILYROOM
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
winbootdir=C:\WINDOWS
windir=C:\WINDOWS
WORK=C:\Documents and settings\Owner\desktop\alldirs
working=C:\Documents and Settings\Owner\Desktop\alldirs


-- User Profiles ---------------------------------------------------------------

Owner [I](admin)[/I]
admin2000 [I](new local)[/I]
Administrator [I](admin)[/I]
Guest [I](new local, guest)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\INSTALL.LOG
AoA Audio Extractor 1.0 --> "C:\Program Files\AoA Audio Extractor\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
AutoIt v3.2.10.0 --> C:\Program Files\AutoIt3\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Comcast High-Speed Internet Install Wizard --> C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\Dev-Cpp\uninstall.exe"
Exewrapper (remove only) --> "C:\Program Files\Exe Wrapper\uninstall.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
GFM 1.00 --> "C:\Program Files\GFM\unins000.exe"
GIMP 2.4.4 --> "C:\Program Files\GIMP-2.0\setup\unins000.exe"
Glary Utilities 2.5 --> "C:\Program Files\Glary Utilities\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Imaging Device Functions 5.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Solution Center & Imaging Support Tools 5.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
IcoFX 1.5.01 --> "C:\Program Files\IcoFX 1.5\unins000.exe"
InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java DB 10.2.2.0 --> MsiExec.exe /X{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Development Kit 6 Update 2 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160020}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 97, Professional Edition --> C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Text-to-Speech Engine 4.0 (English) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSa22.inf, Uninstall
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 2008 Express Edition - ENU --> C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU --> MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework --> MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 --> MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NETGEAR Print Server Utility --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\NETGEAR Print Server Utility\Uninst.isu"
Notepad++ --> C:\Program Files\Notepad++\uninstall.exe
Nullsoft Install System --> "C:\Program Files\NSIS\uninst-nsis.exe"
Pharaoh and Cleopatra --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}\Setup.exe" 
Process Lasso --> "C:\Program Files\Process Lasso\uninstall.exe"
Python 2.5 py2exe-0.6.6 --> "C:\Python25\Removepy2exe.exe" -u "C:\Python25\py2exe-wininst.log"
Python 2.5 pyHook-1.5a --> "C:\Python25\RemovepyHook.exe" -u "C:\Python25\pyHook-wininst.log"
Python 2.5 pywin32-210 --> "C:\Python25\Removepywin32.exe" -u "C:\Python25\pywin32-wininst.log"
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
QuickVerse Library --> C:\WINDOWS\uninst.exe -fc:\qv\qvlib\DeIsL1.isu
QuickVerse Library Book Manager --> C:\WINDOWS\uninst.exe -fc:\qv\bookmgr\DeIsL1.isu
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StuffIt 11 --> MsiExec.exe /X{8424EF22-44CF-4DD4-B702-FADA3998F4BA}
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
The Expositor's Bible Commentary --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Zondervan\Reference\DeIsL1.isu"  -c"C:\Program Files\Zondervan\Reference\_ISREG32.DLL"
TI Connect 1.6 --> MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
TightVNC 1.3.9 --> "C:\Program Files\TightVNC\unins000.exe"
Universal Extractor 1.5 --> "C:\Program Files\Universal Extractor\unins000.exe"
Unlocker 1.8.5 --> C:\Program Files\Unlocker\uninst.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 --> 
Zondervan STEP Reader --> C:\PROGRA~1\ZONDER~1\STEPREAD\ZON_UNIN.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type2749 / Error
Event Submitted/Written: 04/15/2008 06:12:17 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Event Record #/Type2748 / Error
Event Submitted/Written: 04/15/2008 06:12:17 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Event Record #/Type2739 / Error
Event Submitted/Written: 04/15/2008 05:38:30 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Event Record #/Type2738 / Error
Event Submitted/Written: 04/15/2008 05:38:30 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.

Event Record #/Type2727 / Error
Event Submitted/Written: 04/14/2008 06:22:57 PM
Event ID/Source: 4127 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci could not be initialized. Error 3221225477.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type34127 / Error
Event Submitted/Written: 04/15/2008 06:05:31 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The US30Service service failed to start due to the following error: 
%%2

Event Record #/Type34114 / Error
Event Submitted/Written: 04/15/2008 05:33:14 PM
Event ID/Source: 10010 / DCOM
Event Description:
The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register with DCOM within the required timeout.

Event Record #/Type34106 / Error
Event Submitted/Written: 04/15/2008 05:32:52 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the mcpromgr service.

Event Record #/Type34105 / Error
Event Submitted/Written: 04/15/2008 05:32:41 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error: 
%%1053

Event Record #/Type34104 / Error
Event Submitted/Written: 04/15/2008 05:32:41 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.



-- End of Deckard's System Scanner: finished at 2008-04-15 18:48:30 ------------
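As an added worked example for readers of this thread (it is not part of the original post, and not DSS, HijackThis or any other tool used here): the parts of a DSS report that a responder reads first for a "keeps asking for an admin account" complaint are the Image File Execution Options entries (a Debugger value there makes Windows run a different binary every time the named program is started, which is what the TaskMgr.exe entry above does for DTaskManager, a third-party task manager, and is also a well-known way for malware to hijack Task Manager, so the debugger binary is worth verifying), the AutoRun commands Explorer has remembered for removable drives, firewall exceptions that point at binaries outside Program Files and Windows, and the account list. The script below pulls those four things out of report text in the posted format. The sample report is constructed from lines of the log above; what counts as a "trusted location" is this script's own assumption, and a system32 path is only a location, so an unfamiliar name there still needs checking.

```python
"""Triage of a Deckard's System Scanner (DSS) style report.

Added example for this thread, not DSS or any tool the posters used.
SAMPLE_REPORT is constructed from lines in the format of the report
above; "trusted location" for firewall exceptions is this script's own
assumption, not a DSS or Windows rule.
"""
import re

SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\TaskMgr.exe]
Debugger=C:\WINDOWS\SYSTEM32\DTaskManager.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\X]
AutoRun\command- X:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{493e2ae0-6886-11dc-84b7-000e2eaad27d}]
AutoRun\command- F:\LaunchU3.exe -a

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"c:\\windows\\system32\\prmrsr.exe"="c:\\windows\\system32\\prmrsr.exe:*:Enabled:prmrsr.exe"
"C:\\Program Files\\TightVNC\\WinVNC.exe"="C:\\Program Files\\TightVNC\\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\MirandaPortable\\program\\miranda32.exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temp\\MirandaPortable\\program\\miranda32.exe:*:Enabled:Miranda IM"
"H:\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe"="H:\\PortableApps\\MirandaPortable\\App\\miranda\\miranda32.exe:*:Enabled:Miranda IM"

-- User Profiles ---------------------------------------------------------------

Owner [I](admin)[/I]
admin2000 [I](new local)[/I]
Administrator [I](admin)[/I]
Guest [I](new local, guest)[/I]
"""

FW_RE = re.compile(r'^"(.+?)"="(.+)"$')           # "<esc path>"="<esc path>:scope:state:name"
PROFILE_RE = re.compile(r'^(\S+)\s+\[I\]\((.+)\)\[/I\]$')  # Owner [I](admin)[/I]
# A location, not a verdict: an unfamiliar name under system32 (prmrsr.exe) still needs a look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\", "%windir%\\")


def parse_report(text):
    """Track the current [registry key] / '-- Section --' and collect four things."""
    findings = {"ifeo": [], "autorun": [], "firewall": [], "profiles": []}
    current_key = section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-- "):                          # "-- User Profiles ----"
            section, current_key = line.strip("- ").lower(), ""
            continue
        if line.startswith("[") and line.endswith("]"):     # registry key header
            current_key = line[1:-1]
            continue
        key = current_key.lower()
        if "image file execution options" in key and line.lower().startswith("debugger="):
            # IFEO Debugger: every launch of <exe> is redirected to this binary instead
            findings["ifeo"].append((current_key.rsplit("\\", 1)[-1], line.split("=", 1)[1].strip()))
        elif "mountpoints2" in key and line.lower().startswith("autorun\\command-"):
            # command Explorer remembered from a removable drive's autorun.inf
            findings["autorun"].append(line.split("-", 1)[1].strip())
        elif "authorizedapplications" in key:
            m = FW_RE.match(line)
            if m:
                esc_path, value = m.group(1), m.group(2)
                parts = value[len(esc_path):].lstrip(":").split(":", 2)
                if len(parts) == 3:
                    path = esc_path.replace("\\\\", "\\")       # undo doubled backslashes
                    findings["firewall"].append((path, parts[0], parts[1], parts[2]))
        elif section == "user profiles":
            m = PROFILE_RE.match(line)
            if m:
                findings["profiles"].append((m.group(1), m.group(2)))
    return findings


def unusual_firewall_exceptions(findings):
    """Enabled exceptions for binaries outside Program Files / Windows:
    profile folders, Temp, removable-drive letters such as H:."""
    return [path for path, _scope, state, _name in findings["firewall"]
            if state.lower() == "enabled" and not path.lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    f = parse_report(SAMPLE_REPORT)
    for exe, dbg in f["ifeo"]:
        print("IFEO debugger: %s -> %s" % (exe, dbg))
    for cmd in f["autorun"]:
        print("Removable-drive autorun: %s" % cmd)
    for path in unusual_firewall_exceptions(f):
        print("Firewall exception outside trusted locations: %s" % path)
    for user, kind in f["profiles"]:
        print("Profile: %s (%s)" % (user, kind))
```

Run it over the full report (read the file and pass its text to parse_report) rather than the sample. Nothing it prints is a verdict: the Temp and H: Miranda entries are consistent with portable apps run from a flash drive, but every enabled exception is a program the firewall will let accept inbound connections, and the VNC and web servers in the list above are exactly the kind of thing to know about before chasing a phantom admin prompt.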


#6 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:05:30 PM

Posted 17 April 2008 - 03:17 AM

Hi,

Sorry for the delay. I was working.

Install anything new just before these prompts started?
What is it you have to do to re-create the errors?

This scanner doesn't clean. Only reports.

Using Internet Explorer, please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

Click "I accept"

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while, so be patient and let it run. Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save report button.
  • Call it Kaspersky.txt
  • Expand the arrow beside "file types" and save as a .txt file.
    http://i266.photobucket.com/albums/ii277/s...Kas-Savetxt.gif
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished, remember to re-enable your resident antivirus protection along with whatever antispyware app you use.

*Note2
If you have Internet Explorer 7 installed:
If you have trouble getting past the initial download, you may need to use the "zoom" tool at the bottom right of the scanner window and decrease it to 75% to see and press the "accept" button.
The page will reload and you should be able to carry on with the scan.

Thanks :thumbsup:
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?.

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#7 powerjuce

powerjuce
  • Topic Starter

  • Members
  • 321 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:30 PM

Posted 17 April 2008 - 08:37 PM

Hi,

Sorry for the delay. I was working.

No problem, I thank you for all the time you have put in.

Install anything new just before these prompts started?


Not sure, they just started randomly.

What is it you have to do to re-create the errors?

Well, originally it was for stuff like Run or cmd, but after running the recommended scanners in the tutorial, now it only happens with one thing. If I go to msconfig and click OK, even without making any changes, it will still give me the same error. The funny thing is that even though it says I don't have the rights, it will still shut down a service or startup entry.

I will try to run the scanner over the weekend if I can.

#8 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:05:30 PM

Posted 18 April 2008 - 02:30 PM

Hi,

How long ago did this start to happen?

Download this tool and save it to your system32 folder (c:\windows\system32)

Then click Start > Run, type cmd and hit Enter.

Type the following commands and hit enter after each:

swwhoami > c:\whoami.txt
notepad c:\whoami.txt


Post the results of the log.

Thanks :thumbsup:
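Before the log comes back, here is how to read what that sort of tool prints. As an added example (not the tool Blender links to, and not code from this thread), the script below parses a dump in the format powerjuce posts in the next reply: the account's usri_flags word, the group SIDs in the token, and each privilege with its state. It decodes the flags from the documented UF_* bit values (66081 is 0x10221, which is exactly UF_SCRIPT + UF_PASSWD_NOTREQD + UF_NORMAL_ACCOUNT + UF_DONT_EXPIRE_PASSWD, matching the names the tool prints), checks whether the Administrators SID S-1-5-32-544 is actually present in the token, and lists the enabled privileges. The sample dump is constructed from that posted output; the well-known SID table is a small subset chosen for the example, and reading (X) as enabled and (0) as present-but-disabled is an assumption about the tool's notation.

```python
"""Reading an account/token dump in the format the swwhoami tool prints.

Added example for this thread, not that tool and not code from the thread.
SAMPLE_DUMP is constructed from the output powerjuce posts in the next
reply.  UF_* values are the documented usri_flags bits (lmaccess.h); the
well-known SID table is a small subset; "(X)" = enabled and "(0)" =
present but disabled is an assumption about the tool's notation.
"""
import re

SAMPLE_DUMP = r"""
Username: FAMILYROOM\Owner
  SID: S-1-5-21-1844237615-920026266-1060284298-1004
  Privilege: 2 (USER_PRIV_ADMIN)
  Flags: 66081 (UF_SCRIPT, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
  Primary Group ID: 513

Groups: ----------------------------------------------------------------------
FAMILYROOM\None (S-1-5-21-1844237615-920026266-1060284298-513)
Everyone (S-1-1-0)
FAMILYROOM\Administrators (S-1-5-32-544)
FAMILYROOM\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-64623)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeDebugPrivilege = Debug programs
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(X) SeUndockPrivilege = Remove computer from docking station
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
OS=Windows_NT
"""

UF_FLAGS = {                     # USER_INFO usri_flags bits, lmaccess.h
    0x00001: "UF_SCRIPT",
    0x00002: "UF_ACCOUNTDISABLE",
    0x00010: "UF_LOCKOUT",
    0x00020: "UF_PASSWD_NOTREQD",
    0x00040: "UF_PASSWD_CANT_CHANGE",
    0x00200: "UF_NORMAL_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
}
ADMINISTRATORS_SID = "S-1-5-32-544"
WELL_KNOWN_SIDS = {
    "S-1-1-0": "Everyone", "S-1-2-0": "LOCAL", "S-1-5-4": "INTERACTIVE",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-544": "BUILTIN\\Administrators", "S-1-5-32-545": "BUILTIN\\Users",
}
GROUP_RE = re.compile(r"^(.*?)\s*\((S-1-[\d-]+)\)$")   # name (SID)
PRIV_RE = re.compile(r"^\((0|X)\)\s+(Se\w+)\s*=")       # (0|X) SeName = description


def decode_flags(value):
    """usri_flags word -> the UF_* names whose bits are set, lowest bit first."""
    return [name for bit, name in sorted(UF_FLAGS.items()) if value & bit]


def describe_sid(sid):
    if sid in WELL_KNOWN_SIDS:
        return WELL_KNOWN_SIDS[sid]
    if sid.startswith("S-1-5-5-"):
        return "logon session SID"        # unique per logon, hence the <??> name
    if sid.startswith("S-1-5-21-"):
        return "machine-local account or group, RID %s" % sid.rsplit("-", 1)[1]
    return "unknown"


def parse_dump(text):
    info = {"fields": {}, "groups": [], "privileges": {}}
    section = "fields"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Groups:"):
            section = "groups"
        elif line.startswith("Privileges:"):
            section = "privileges"
        elif line.startswith("Environment variables:"):
            break                          # nothing token-related after this
        elif section == "fields" and ":" in line:
            key, val = line.split(":", 1)
            info["fields"][key.strip()] = val.strip()
        elif section == "groups" and GROUP_RE.match(line):
            info["groups"].append(GROUP_RE.match(line).groups())
        elif section == "privileges" and PRIV_RE.match(line):
            state, name = PRIV_RE.match(line).groups()
            info["privileges"][name] = (state == "X")
    return info


def assess(info):
    """What matters for an 'admin prompt' complaint: is Administrators really
    in the token, and may the account go without a password."""
    flags = int(info["fields"]["Flags"].split()[0])
    sids = {sid for _name, sid in info["groups"]}
    return {
        "account": info["fields"].get("Username", "?"),
        "flags": decode_flags(flags),
        "is_admin": ADMINISTRATORS_SID in sids,
        "password_not_required": bool(flags & 0x20),
        "enabled_privileges": sorted(p for p, on in info["privileges"].items() if on),
    }


if __name__ == "__main__":
    info = parse_dump(SAMPLE_DUMP)
    for name, sid in info["groups"]:
        print("%-50s %s" % (sid, describe_sid(sid)))
    for key, val in assess(info).items():
        print("%s: %s" % (key, val))
```

Why it matters here: Windows XP has no UAC, so a token that carries S-1-5-32-544 already has full administrative rights; a "you need an administrator account" message from msconfig or Run on such an account points at something other than group membership, typically a policy value or a permission on the specific object being changed. Separately, UF_PASSWD_NOTREQD on an administrator account means the account is exempt from the password requirement and may be left with a blank password, which is worth fixing once the prompts are sorted out.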

#9 powerjuce

powerjuce
  • Topic Starter

  • Members
  • 321 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:30 PM

Posted 18 April 2008 - 04:43 PM

How long ago did this start to happen?


About one month ago.

Download this tool and save it to your system32 folder (c:\windows\system32)


I assume you mean this.

Here is the log:

Username: FAMILYROOM\Owner
  SID: S-1-5-21-1844237615-920026266-1060284298-1004
  Days since last password change: 116
  Privilege: 2 (USER_PRIV_ADMIN)
  Home directory: 
  Comment: ''
  Flags: 66081 (UF_SCRIPT, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
  Script path: 
  Operator privilege: 0 ()
  Full name: 
  User comment: ''
  Parms: ''
  Workstations: 
  Last logon time: 18 April 2008 8:59:42 PM
  Last logoff time: unknown
  Account expires: never
  Maximum discspace: unlimited
  Units per week: 168
  Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
			  0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
			  0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
  Bad password count: 0
  Total logins count: 1283
  Logonserver: \\*
  Countrycode: 0
  Codepage: 0
  User ID: 1004
  Primary Group ID: 513
  Profile path: 
  Home directory: 
  Password is not expired

Groups: ----------------------------------------------------------------------
FAMILYROOM\None (S-1-5-21-1844237615-920026266-1060284298-513)
Everyone (S-1-1-0)
FAMILYROOM\Administrators (S-1-5-32-544)
FAMILYROOM\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-64623)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(0) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(0) SeSecurityPrivilege = Manage auditing and security log
(0) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(0) SeSystemProfilePrivilege = Profile system performance
(0) SeSystemtimePrivilege = Change the system time
(0) SeProfileSingleProcessPrivilege = Profile single process
(0) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(0) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(0) SeShutdownPrivilege = Shut down the system
(0) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(0) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(0) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(0) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FAMILYROOM
ComSpec=C:\WINDOWS\system32\cmd.exe
defs=C:\Documents
drive=C:\ASPCD\host
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\FAMILYROOM
main=C:\Documents and settings\Owner\desktop
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
PANGO_WIN32_NO_UNISCRIBE=anything
Path=C:\Documents and Settings\Owner\Desktop\test\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Universal Extractor\bin;C:\PROGRA~1\TIEDUC~1\TI-83P~1\UTILS;C:\WINDOWS;C:\WINDOWS\COMMAND
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=080a
ProgramFiles=C:\Program Files
PROMPT=$p$g
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\OWNER\LOCALS~1\Temp
TI83PLUSDIR=C:\PROGRA~1\TIEDUC~1\TI-83P~1
TMP=C:\DOCUME~1\OWNER\LOCALS~1\Temp
USERDOMAIN=FAMILYROOM
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
winbootdir=C:\WINDOWS
windir=C:\WINDOWS
WORK=C:\Documents and settings\Owner\desktop\alldirs
working=C:\Documents and Settings\Owner\Desktop\alldirs

Edited by powerjuce, 18 April 2008 - 04:50 PM.
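The account block above is the part of the output that actually answers the thread's question: the account used for everyday browsing is USER_PRIV_ADMIN, sits in the local Administrators group, and carries a Flags value of 66081, which is the sum of UF_SCRIPT (0x1), UF_PASSWD_NOTREQD (0x20), UF_NORMAL_ACCOUNT (0x200) and UF_DONT_EXPIRE_PASSWD (0x10000). The following Python is an added example, not code from the thread or from the swwhoami tool; it decodes that bitmask against the documented USER_INFO flag values, parses the Groups and Privileges sections, and lists the account-hygiene findings a responder would note. The sample text it parses is constructed from the values shown in the post; the finding codes and helper names are the example's own.

```python
import re

# USER_INFO usri_flags bits as documented for NetUserGetInfo (lmaccess.h).
UF_FLAGS = {
    0x00000001: "UF_SCRIPT",
    0x00000002: "UF_ACCOUNTDISABLE",
    0x00000010: "UF_LOCKOUT",
    0x00000020: "UF_PASSWD_NOTREQD",
    0x00000040: "UF_PASSWD_CANT_CHANGE",
    0x00000200: "UF_NORMAL_ACCOUNT",
    0x00010000: "UF_DONT_EXPIRE_PASSWD",
    0x00040000: "UF_SMARTCARD_REQUIRED",
    0x00400000: "UF_DONT_REQUIRE_PREAUTH",
    0x00800000: "UF_PASSWORD_EXPIRED",
}
LOCAL_ADMINS_SID = "S-1-5-32-544"   # well-known SID of BUILTIN\Administrators

# Constructed sample, built from the values shown in the thread's output.
SAMPLE = r"""
  SID: S-1-5-21-1844237615-920026266-1060284298-1004
  Days since last password change: 116
  Privilege: 2 (USER_PRIV_ADMIN)
  Flags: 66081 (UF_SCRIPT, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
  Bad password count: 0

Groups: ----------------------------------------------------------------------
FAMILYROOM\None (S-1-5-21-1844237615-920026266-1060284298-513)
Everyone (S-1-1-0)
FAMILYROOM\Administrators (S-1-5-32-544)
FAMILYROOM\Users (S-1-5-32-545)

Privileges: ------------------------------------------------------------------
(0) SeDebugPrivilege = Debug programs
(X) SeLoadDriverPrivilege = Load and unload device drivers
(X) SeChangeNotifyPrivilege = Bypass traverse checking
"""


def decode_flags(value):
    """Expand a numeric usri_flags value into the UF_* names it contains."""
    names = [name for bit, name in sorted(UF_FLAGS.items()) if value & bit]
    known_mask = 0
    for bit in UF_FLAGS:
        known_mask |= bit
    leftover = value & ~known_mask          # bits this table does not know
    if leftover:
        names.append("UNKNOWN_0x%X" % leftover)
    return names


def parse_account_block(text):
    """Pull flags, privilege level, groups and token privileges out of the report."""
    info = {"flags": 0, "privilege_level": None, "groups": [], "privileges": {}}
    section = "account"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Groups:"):
            section = "groups"
            continue
        if line.startswith("Privileges:"):
            section = "privileges"
            continue
        if section == "account":
            m = re.match(r"Flags:\s*(\d+)", line)
            if m:
                info["flags"] = int(m.group(1))
            m = re.match(r"Privilege:\s*\d+\s*\((\w+)\)", line)
            if m:
                info["privilege_level"] = m.group(1)
            m = re.match(r"Days since last password change:\s*(\d+)", line)
            if m:
                info["password_age_days"] = int(m.group(1))
        elif section == "groups":
            m = re.match(r"(.+?)\s*\((S-[\d-]+)\)$", line)
            if m:
                info["groups"].append((m.group(1), m.group(2)))
        elif section == "privileges":
            # "(X)" means the privilege is enabled in the current token, "(0)" present but disabled.
            m = re.match(r"\((X|0)\)\s*(Se\w+)", line)
            if m:
                info["privileges"][m.group(2)] = (m.group(1) == "X")
    return info


def assess(info):
    """Return (code, message) findings a responder would note about this account."""
    findings = []
    flags = decode_flags(info["flags"])
    is_admin = (info["privilege_level"] == "USER_PRIV_ADMIN"
                or any(sid == LOCAL_ADMINS_SID for _, sid in info["groups"]))
    if is_admin:
        findings.append(("LOCAL_ADMIN", "everyday account is a local Administrator; "
                                        "routine use should run from a limited account"))
    if "UF_PASSWD_NOTREQD" in flags:
        findings.append(("PASSWD_NOTREQD", "UF_PASSWD_NOTREQD is set: a blank password is "
                                           "permitted" + (" on an admin account" if is_admin else "")))
    if "UF_DONT_EXPIRE_PASSWD" in flags and info.get("password_age_days", 0) > 90:
        findings.append(("STALE_PASSWORD", "password never expires and is %d days old"
                         % info["password_age_days"]))
    for priv in ("SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege"):
        if info["privileges"].get(priv):
            findings.append(("PRIV_ENABLED", priv + " is enabled in the current token"))
    return findings


if __name__ == "__main__":
    for code, msg in assess(parse_account_block(SAMPLE)):
        print("%-16s %s" % (code, msg))
```

Run against the sample, the script reports the admin membership, the blank-password-permitted flag, the 116-day non-expiring password, and the enabled SeLoadDriverPrivilege; the same parser can be pointed at a saved swwhoami report to repeat the check after cleanup.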


#10 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:05:30 PM

Posted 19 April 2008 - 04:19 AM

Hi,

Silly me, I forgot the swwhoami link.
I see you found it OK though :thumbsup:

Have you been able to run that Kaspersky scan?
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#11 powerjuce

powerjuce
  • Topic Starter

  • Members
  • 321 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:30 PM

Posted 21 April 2008 - 05:46 PM

Have you been able to run that Kaspersky scan

No, as in it was not running.

When I ran it, all I got was an access denied error. I proceeded to disable all my firewalls, all of McAfee, Spybot and Process Lasso.

It still gave me the same error. Then I tried to run it on IE7, IE6, IE5 (yes, I have a copy :thumbsup: ), Firefox, Netscape and the Opera browser; all of them gave me the same error.

Is there another scan that I can run?

Edited by powerjuce, 21 April 2008 - 05:47 PM.


#12 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:05:30 PM

Posted 21 April 2008 - 09:43 PM

Hi,

You have both McAfee firewall & Sygate running?
If so -- best to disable one firewall. Having 2 running will conflict.

Try this scanner: (IE only)

Go here to run an online scanner from ESET.
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.

Thanks :thumbsup:

#13 powerjuce

powerjuce
  • Topic Starter

  • Members
  • 321 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:30 PM

Posted 22 April 2008 - 06:38 AM

You have both McAfee firewall & Sygate running?

Yeah, I do; I just prefer the Sygate firewall and I did not feel like disabling the other one.

Try this scanner: (IE only)

IE7 will work with this, correct?

And thanks for the other scan; I will try and run the scan tonight.

#14 powerjuce

powerjuce
  • Topic Starter

  • Members
  • 321 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:30 PM

Posted 22 April 2008 - 09:19 PM

Well, here is the scan.
It deleted one thing.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3047 (20080422)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=fc8553ba99444343a4139311c6f0466b
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-04-23 02:12:12
# local_time=2008-04-22 10:12:12 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=244595
# found=1
# scan_time=11270
C:\WINDOWS\SYSTEM32\prmrsr.exe probably a variant of Win32/Genetik trojan (unable to clean - deleted)

#15 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • OFFLINE
  • Location:Ontario
  • Local time:05:30 PM

Posted 23 April 2008 - 12:39 AM

Hi and thanks :thumbsup:

Looks like you have Windows Firewall running too.
Best disable that as well.
Before you disable it, though:
Open Windows Firewall in Control Panel.
Click the Exceptions tab.
Highlight the entry for prmrsr.exe and delete it.
Then disable Windows Firewall & OK your way out.

If you like Sygate over McAfee firewall -- disable McAfee's.
You will gain nothing by having more than one firewall running.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Open the extracted SDFix folder and double click RunThis.bat to start the script.

You will see several choices. (1,2,3,A,B,C,D,U,E)
We just want a log.

Type A & hit enter.
It will take a few minutes to complete the scan. Wait till the log pops up.

Post the C:\SystemReport.txt

Thanks :blink: