
Can Not Get Rid Of Ie Defender


1 reply to this topic

#1 norm58

Posted 11 April 2008 - 01:50 PM

I have run Smitfraudfix, but that did not get rid of it.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.20GHz
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 502.48 MiB / 282.93 MiB
Pagefile Memory (total/avail): 1227.68 MiB / 1055.99 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.21 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 47.37 GiB free.
D: is CDROM (CDFS)
E: is Removable (FAT)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 973.43 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ManualUpdate.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ManualUpdate.exe:*:Enabled:Manual Update"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\manualcalibration.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\manualcalibration.exe:*:Enabled:Manual Update"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\patchapply.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\patchapply.exe:*:Enabled:Apply TDS Patch"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdbupdate.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdbupdate.exe:*:Enabled:Update Database"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\tabman.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\tabman.exe:*:Enabled:Tabman Executable"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\syspage.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\syspage.exe:*:Enabled:System Page"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\testman.exe:*:Enabled:Testman Executable"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\CodeServeD.exe:*:Enabled:CodeServer Daemon"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\XMLRegistryD.exe:*:Enabled:XML Registry Daemon"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\TDSNetConfig.exe:*:Enabled:TDS Network Configuration"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\swupdwizard.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\swupdwizard.exe:*:Enabled:Software Update Wizard"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ptchapply.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ptchapply.exe:*:Enabled:Apply TDS Patch"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdb.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\rtdb.exe:*:Enabled:Update Database"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\starburst.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\starburst.exe:*:Enabled:StarBurst"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\engineeringfeedback.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\engineeringfeedback.exe:*:Enabled:Engineering Feedback"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\systemdiagnostic.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\systemdiagnostic.exe:*:Enabled:System Diagnostic Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vmm.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vmm.exe:*:Enabled:VMM System Diagnostic Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c402.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c402.exe:*:Enabled:C402 Cable Test Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c403.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c403.exe:*:Enabled:C403 Cable Test Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c407.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c407.exe:*:Enabled:C407 Cable Test Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c412.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c412.exe:*:Enabled:C412 Cable Test Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c413.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\probes\\c413.exe:*:Enabled:C413 Cable Test Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\lvpcheck.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\lvpcheck.exe:*:Enabled:LVP Check Test Application"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\vcl_pc.exe:*:Enabled:VCL_PC MFC Application EZTech"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\networkactivation.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\networkactivation.exe:*:Enabled:LAN Connectivity Activation"
"C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe"="C:\\Program Files\\Ford Motor Company\\IDS\\Runtime\\ProbeTickHandler.exe:*:Enabled:ProbeTickHandler executable"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Country\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MC-FORD-TOUGHBO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Country
LOGONSERVER=\\MC-FORD-TOUGHBO
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Program Files\Internet Explorer;;C:\Program Files\Internet Explorer;;C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Ford Motor Company\IDS\Runtime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Country\LOCALS~1\Temp
TMP=C:\DOCUME~1\Country\LOCALS~1\Temp
USERDOMAIN=MC-FORD-TOUGHBO
USERNAME=Country
USERPROFILE=C:\Documents and Settings\Country
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Country (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agere Systems AC'97 Modem --> agrsmdel
Battery Recalibration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD5C2205-7BAD-4B87-BF9A-2BAC626B29C8}\Setup.exe"
Calibration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{097FE1B7-B186-426B-A4EC-D1D9D21D3099}\setup.exe" -l0x9 -removeonly
Data Access Objects (DAO) 3.5 --> C:\Program Files\Common Files\Microsoft Shared\DAO\Remove.EXE C:\WINDOWS\UNINST.EXE -fC:\PROGRA~1\COMMON~1\MICROS~1\DAO\DeIsL9.isu
Display Rotation Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6A55E65-1784-4E84-8EAA-DB4386E11ACF}\Setup.exe" -l0x9
DMI Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5639BE8E-33DA-402A-B414-1FBED9CC50E1}\Setup.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HotKey Appendix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D39011-AD99-4980-ADF9-B8202173668D}\Setup.exe" -l0x9
Hotkey Driver for Panasonic PC --> wscript.exe C:\WINDOWS\system32\HKUNINST.vbs
Hotkey Plus Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CB41492-DF16-4100-B2F8-7E007D858AF3}\Setup.exe" -l0x9
Hotkey Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEEFA812-64A6-4083-BB38-87F68B6BA820}\Setup.exe"
IC4 Interface Device by SU Enterprise, Inc. --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}\Setup.exe" -l0x9 IC4USB32
Icon Enlarger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93994589-6A13-49BE-8AF6-12AAC9A28529}\Setup.exe"
IDS --> C:\Program Files\InstallShield Installation Information\{91DE1A85-7350-458A-B674-D7C8F3476299}\setup.exe -runfromtemp -l0x0009 -removeonly
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Panasonic Hand Writing 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5408344D-95C0-486A-9539-36EBBACADC68}\Setup.exe"
PC Information Viewer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30348D0E-37F0-41EE-869B-F0441A87FFEC}\Setup.exe" -l0x9
SD Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B18C20D2-A3E9-422D-9136-99B5BDD6565D}\Setup.exe" -l0x9
Software Keyboard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B3181-280F-409C-BCC9-C69BE63688AE}\Setup.exe" -l0x9
touchpad/touchscreen --> Fidmouu.exe
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type3029 / Error
Event Submitted/Written: 04/11/2008 11:03:32 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3028 / Error
Event Submitted/Written: 04/11/2008 10:01:01 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3027 / Error
Event Submitted/Written: 04/11/2008 10:00:57 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3026 / Error
Event Submitted/Written: 04/11/2008 10:00:39 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3025 / Error
Event Submitted/Written: 04/11/2008 09:57:55 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13212 / Error
Event Submitted/Written: 04/11/2008 08:06:25 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type13211 / Error
Event Submitted/Written: 04/11/2008 08:00:22 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Event Record #/Type13210 / Error
Event Submitted/Written: 04/11/2008 08:00:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type13209 / Error
Event Submitted/Written: 04/11/2008 08:00:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Event Record #/Type13208 / Error
Event Submitted/Written: 04/11/2008 08:00:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-11 11:48:00 ------------
Deckard's System Scanner v20071014.68
Run by Country on 2008-04-11 11:45:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
%%31

Event Record #/Type13208 / Error
Event Submitted/Written: 04/11/2008 08:00:22 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2008-04-11 11:48:00 ------------


Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
68: 2008-04-11 16:45:45 UTC - RP304 - Deckard's System Scanner Restore Point
67: 2008-04-10 20:33:17 UTC - RP303 - Software Distribution Service 3.0
66: 2008-04-09 08:00:26 UTC - RP302 - Software Distribution Service 3.0
65: 2008-04-08 19:23:38 UTC - RP301 - System Checkpoint
64: 2008-04-04 19:03:01 UTC - RP300 - System Checkpoint


-- First Restore Point --
1: 2008-01-14 15:50:43 UTC - RP237 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-11 11:47:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Panasonic\HPLSMAN\HPLSMan.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Panasonic\DispRot\IDRot.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\XMLRegistryD.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\starburst.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\engineeringfeedback.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\CodeServeD.exe
C:\Program Files\Panasonic\DispRot\IDRot.exe
C:\Program Files\Panasonic\WRITING\WRITING.EXE
C:\Program Files\Panasonic\MEISKB\MEISKB.exe
C:\Program Files\Ford Motor Company\IDS\Runtime\TDSNetConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Country\Application Data\U3\000015672B62547C\LaunchPad.exe
E:\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Tabman Control BHO - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - (no file)
O2 - BHO: TM_BHO Class - {60EC89B7-367D-402B-8C55-30FAEB32A705} - C:\Program Files\Ford Motor Company\IDS\Runtime\tmctrlbho.dll
O2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\WINDOWS\system32\bDivX.dll
O4 - HKLM\..\Run: [TDSReanimator] "C:\Program Files\Common Files\Teradyne\TDSReanimator.exe"
O4 - HKLM\..\Run: [Starburst] "C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe"
O4 - HKLM\..\Run: [Feedback] "C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe"
O4 - HKLM\..\Run: [ProbeTickHandler] "C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Display Rotation Tool.lnk = C:\Program Files\Panasonic\DispRot\IDRot.exe
O4 - Global Startup: Panasonic Hand Writing.lnk = C:\Program Files\Panasonic\WRITING\Writing.exe
O4 - Global Startup: Software Keyboard.lnk = C:\Program Files\Panasonic\MEISKB\meiskb.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: Unknown 'myui' protocol is in Trusted Zone (HKLM)
O15 - ProtocolDefaults: Unknown 'myrm' protocol is in Trusted Zone (HKLM)
O16 - DPF: {53D40FAA-4E21-459F-AA87-E4D97FC3245A} (InstallShield Setup Player V12) - http://www.nsapp.fordtechservice.dealercon...IDS50/setup.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1158182154500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3D00EFCE-A44C-449B-ADCA-6B395A14E0C4}: NameServer = 64.40.70.26,64.40.75.20
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{79533F88-08CD-4897-8F0C-98E3E7A70B3E}: NameServer = 65.43.19.26,206.141.192.60
O20 - Winlogon Notify: HPLSNTF - C:\WINDOWS\system32\HPLSNtf.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TDSNetSetup - Unknown owner - C:\Program Files\Common Files\Teradyne\TDSNetSetup.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\winvnc4.exe


--
End of file - 5139 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 brecal (Panasonic Battery Recalibration Driver) - c:\program files\panasonic\brecal\brecal.sys <Not Verified; Matsushita Electric Industrial Co., Ltd.; Panasonic Personal Computer>
R2 pcinfo (Panasonic PC Info. Viewer Driver) - c:\program files\panasonic\pcinfo\pcinfo.sys <Not Verified; Matsushita Electric Industrial Co., Ltd.; Panasonic Personal Computer>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 SDKEY (Panasonic SD Misc. Function Driver) - c:\program files\panasonic\sdkey\sdkey.sys <Not Verified; Matsushita Electric Industrial Co., Ltd.; Panasonic SD Utility>

S1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
S3 MOSUMAC (USB-Ethernet Driver) - c:\windows\system32\drivers\mosumac.sys <Not Verified; --; NDIS-WDM Driver for USB-Ethernet Adapter>
S3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
S3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
S3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
S3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 TDSNetSetup - "c:\program files\common files\teradyne\tdsnetsetup.exe" "c:\program files\ford motor company\ids\runtime"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2915ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10008086&REV_05\4&1D3F0FBB&0&18F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2915ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10008086&REV_05\4&1D3F0FBB&0&18F0
Service: w29n51


-- Files created between 2008-03-11 and 2008-04-11 -----------------------------

2008-04-11 11:21:09 0 d-------- C:\Documents and Settings\Country\Application Data\U3
2008-04-11 08:00:52 944 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-10 12:53:06 0 dr-h----- C:\Documents and Settings\Country\Recent
2008-04-10 12:40:27 0 d-------- C:\Program Files\XoftSpySE
2008-03-12 08:18:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-03-12 07:34:01 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-04-10 12:31:47 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-03-25 09:17:28 0 d-------- C:\Documents and Settings\Country\Application Data\Adobe
2008-03-12 08:18:53 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D99BACC6-6289-4D4F-8BAF-4192016AF547}]
10/24/2007 02:51 PM 245760 --a------ C:\WINDOWS\system32\bDivX.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TDSReanimator"="C:\Program Files\Common Files\Teradyne\TDSReanimator.exe" [07/30/2007 07:05 AM]
"Starburst"="C:\Program Files\Ford Motor Company\IDS\Runtime\Starburst.exe" [10/04/2007 04:18 PM]
"Feedback"="C:\Program Files\Ford Motor Company\IDS\Runtime\EngineeringFeedback.exe" [10/04/2007 04:18 PM]
"ProbeTickHandler"="C:\Program Files\Ford Motor Company\IDS\Runtime\ProbeTickHandler.exe" [07/30/2007 07:06 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [10/23/2006 1:48:20 AM]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
Display Rotation Tool.lnk - C:\Program Files\Panasonic\DispRot\IDRot.exe [7/14/2005 6:18:09 PM]
Panasonic Hand Writing.lnk - C:\Program Files\Panasonic\WRITING\Writing.exe [7/14/2005 6:19:14 PM]
Software Keyboard.lnk - C:\Program Files\Panasonic\MEISKB\meiskb.exe [7/14/2005 6:22:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\HPLSNTF]
HPLSNtf.dll 06/01/2005 03:02 PM 53248 C:\WINDOWS\system32\HPLSNTF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 10/15/2004 01:27 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- D:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-11 11:48:00 ------------


#2 Noviciate

  • Malware Response Team
  • 5,277 posts

Posted 11 April 2008 - 06:02 PM

Your log shows neither entries for an anti-virus nor a third-party software firewall. Given the lack of basic security programs onboard, the best suggestion I can offer is to back up any important files and then reformat and reinstall Windows.
It is going to be impossible to guarantee a clean computer at the end of the removal process, which makes it something of a waste of my time and yours to start it in the first place. The possibility that legitimate files may have been infected or corrupted by the malware present on your PC, and also that security settings may have been lowered making your computer more liable to infection in the future, means that starting over is the easiest and most reliable solution to your problems.

Fixing the following line may solve the obvious problem you have, but I wouldn't rely on the security of the PC in future until you've reformatted and installed an anti-virus and a firewall.
Run HijackThis as you did to generate a log, but this time click on 'Do a system scan only'.
Place a checkmark in the boxes to the left of the following entries, by clicking on them:

O2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\WINDOWS\system32\bDivX.dll

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HJT and click on Fix checked

So long, and thanks for all the fish.

 

 




