Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Email Contact List Virus


  • This topic is locked This topic is locked
2 replies to this topic

#1 banducci21

banducci21

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:36 PM

Posted 06 June 2008 - 05:43 PM

a virus is causing my email to send an email to my contact list. the email subject line is: 'good game, I've played for a moment for free.='

here are the logs from Deckard

the first one is the main

Deckard's System Scanner v20071014.68
Run by Scott Cereghino on 2008-06-06 16:26:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
58: 2008-06-06 21:26:28 UTC - RP578 - Deckard's System Scanner Restore Point
57: 2008-06-06 17:33:53 UTC - RP577 - System Checkpoint
56: 2008-06-05 17:22:28 UTC - RP576 - System Checkpoint
55: 2008-06-04 16:37:29 UTC - RP575 - System Checkpoint
54: 2008-06-03 15:40:42 UTC - RP574 - System Checkpoint


-- First Restore Point --
1: 2008-03-10 22:27:42 UTC - RP521 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 3.76 GiB (less than 15%) free.


-- HijackThis (run as Scott Cereghino.exe) -------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:29 PM, on 6/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\iPass\iPassConnect Elekta Remote\iPCAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe
C:\Program Files\iPass\iPassConnect Elekta Remote\downloader\ipccheck.exe
C:\OfficeScan NT\RAUAgent.exe
C:\WINDOWS\checkpwd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\System32\TpScrLk.exe
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\CardScan\CardScan\CardScanAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPass\iPassConnect Elekta Remote\IPassConnectGUI.exe
C:\Program Files\Handspring\HOTSYNC.EXE
C:\Program Files\iPass\iPassConnect Elekta Remote\iPassConnectEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Cisco Systems\VPN Client\ipseclog.exe
C:\OfficeScan NT\PccNTMon.EXE
C:\OfficeScan NT\tmlisten.exe
C:\OfficeScan NT\ntrtscan.exe
C:\OfficeScan NT\ofcdog.exe
C:\Documents and Settings\scott cereghino\Desktop\dss.exe
C:\DOCUME~1\SCOTTC~1\LOCALS~1\TEMPOR~1\Content.IE5\KBZPAOGU\Scott Cereghino.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://drudgereport.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.102.103.16:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\IBMTools\Updater\ucstartup.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [Print Screen Deluxe] C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe /m
O4 - HKLM\..\Run: [RemoteAgent] C:\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [ernie] c:\ERN\check-status-run.vbs
O4 - HKLM\..\Run: [checkpwd.exe] C:\WINDOWS\checkpwd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPKBDLED] C:\WINDOWS\System32\TpScrLk.exe
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CardScanAgent] "C:\Program Files\CardScan\CardScan\CardScanAgent.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: iPassConnect Elekta Remote.lnk = C:\Program Files\iPass\iPassConnect Elekta Remote\IPassConnectGUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\ThinkPad\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://impac.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = unitedstates.gamlin.elekta.com
O17 - HKLM\Software\..\Telephony: DomainName = unitedstates.gamlin.elekta.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = unitedstates.gamlin.elekta.com
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect Elekta Remote\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect Elekta Remote\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\OfficeScan NT\ntrtscan.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\OfficeScan NT\tmlisten.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 13441 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 CCDevice - c:\windows\system32\drivers\ccdevice.sys <Not Verified; Altiris; Carbon Copy>
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 MDC80211 (iPass Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc80211.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.7) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.7>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 AlKernel (Altiris Kernel Driver) - c:\windows\system32\drivers\alkernel.sys

S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 w22n51 (Intel® PRO/Wireless 2200 Adapter Driver) - c:\windows\system32\drivers\w22n51.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AClient (Altiris Client Service) - c:\program files\altiris\aclient\aclient.exe -service <Not Verified; Altiris, Inc.; Altiris Client Agent for Windows>
R2 AeXNSClient (Altiris Agent) - c:\program files\altiris\altiris agent\aexnsagent.exe <Not Verified; Altiris, Inc.; Altiris Agent>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 CarbonCopy32 (Altiris Carbon Copy) - c:\windows\system32\ccsrvc.exe <Not Verified; Altiris; Carbon Copy>
R2 iPCAgent - c:\program files\ipass\ipassconnect elekta remote\ipcagent.exe <Not Verified; iPass, Inc.; iPCAgent Module>
R2 ntrtscan (OfficeScanNT RealTime Scan) - c:\officescan nt\ntrtscan.exe <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 tmlisten (OfficeScanNT Listener) - c:\officescan nt\tmlisten.exe
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe
R3 iPassConnectEngine - c:\program files\ipass\ipassconnect elekta remote\ipassconnectengine.exe <Not Verified; iPass; iPassConnectEngine Module>

S3 magaService (Lan Discover Agent) - c:\program files\sygate\ssa\maga\maga.exe <Not Verified; Sygate Technologies, Inc.; Maga Application>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-06-03 21:25:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2006-05-12 17:00:40 318 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-05-06 and 2008-06-06 -----------------------------

2008-05-19 14:18:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Roxio
2008-05-19 14:18:20 0 d-------- C:\Documents and Settings\scott cereghino\Application Data\Roxio


-- Find3M Report ---------------------------------------------------------------

2008-05-07 14:54:31 41 --a------ C:\AClient.dat
2008-05-05 15:00:10 0 d-------- C:\Documents and Settings\scott cereghino\Application Data\Apple Computer
2008-05-05 14:59:52 0 d-------- C:\Program Files\iTunes
2008-05-05 14:59:38 0 d-------- C:\Program Files\iPod
2008-05-05 14:58:39 0 d-------- C:\Program Files\Bonjour
2008-05-05 14:58:21 0 d-------- C:\Program Files\QuickTime
2008-05-05 14:56:55 0 d-------- C:\Program Files\Apple Software Update
2008-05-05 14:55:47 0 d-------- C:\Program Files\Common Files
2008-05-05 14:55:47 0 d-------- C:\Program Files\Common Files\Apple


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [10/12/2001 02:32 AM C:\WINDOWS\system32\S3Tray2.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [09/15/2005 12:57 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [09/15/2005 12:57 PM]
"BluetoothAuthenticationAgent"="irprops.cpl" [08/04/2004 02:56 AM C:\WINDOWS\system32\irprops.cpl]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [03/10/2004 01:10 PM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [10/28/2005 06:04 PM]
"TP4EX"="tp4ex.exe" [10/17/2005 12:11 AM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [11/17/2005 01:22 AM]
"AGRSMMSG"="AGRSMMSG.exe" [06/27/2003 11:53 AM C:\WINDOWS\AGRSMMSG.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/25/2005 08:00 PM]
"UC_Start"="C:\IBMTools\Updater\ucstartup.exe" [03/17/2003 06:27 PM]
"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [10/16/2002 03:59 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/21/2003 06:00 PM]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [08/19/2003 04:01 AM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [10/22/2003 04:04 AM]
"OfficeScanNT Monitor"="C:\OfficeScan NT\pccntmon.exe" [09/16/2004 05:02 AM]
"eCopy Desktop Printer Service"="C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe" [10/14/2003 07:30 PM]
"Print Screen Deluxe"="C:\Program Files\American Systems\Print Screen Deluxe\psdeluxe.exe" [02/24/1999 12:51 PM]
"RemoteAgent"="C:\OfficeScan NT\RAUAgent.exe" [03/17/2004 08:19 PM]
"ernie"="c:\ERN\check-status-run.vbs" [10/31/2005 02:23 PM]
"checkpwd.exe"="C:\WINDOWS\checkpwd.exe" [05/27/2005 09:47 AM]
"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [01/28/2005 11:20 AM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [04/20/2005 12:38 AM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [04/20/2005 12:38 AM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [04/20/2005 12:38 AM]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [04/20/2005 12:38 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [10/14/2004 08:11 AM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [09/23/2004 11:41 AM]
"TPKBDLED"="C:\WINDOWS\System32\TpScrLk.exe" [10/08/2002 09:28 PM]
"PRONoMgrWired"="C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [08/06/2003 03:08 PM]
"AeXAgentLogon"="C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe" [03/27/2007 07:58 PM]
"Dell AIO Printer A960"="C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe" [09/21/2003 10:21 AM]
"AClntUsr"="C:\Program Files\Altiris\AClient\AClntUsr.EXE" [06/05/2008 03:17 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [11/11/2004 05:14 PM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [01/07/2005 05:30 PM]
"CardScanAgent"="C:\Program Files\CardScan\CardScan\CardScanAgent.exe" [06/16/2006 04:55 PM]
"@"="" []
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [04/23/2007 12:43 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IBM RecordNow!"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 02:56 AM]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/21/2003 06:00 PM]
"CardScan AutoSync"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]

C:\Documents and Settings\scott cereghino\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Handspring\HOTSYNC.EXE [5/24/2006 9:30:39 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [12/29/2005 12:28:03 PM]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [5/15/2006 8:21:48 AM]
iPassConnect Elekta Remote.lnk - C:\Program Files\iPass\iPassConnect Elekta Remote\IPassConnectGUI.exe [12/29/2005 12:25:38 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6335921a-2cd2-11db-8e72-00059a3c7800}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3247bda-1af5-11dc-8f1a-00059a3c7800}]
AutoRun\command- E:\Launch.exe




-- End of Deckard's System Scanner: finished at 2008-06-06 16:33:52 ------------




this was the extra:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 72%
Physical Memory (total/avail): 510.92 MiB / 139.01 MiB
Pagefile Memory (total/avail): 1249.26 MiB / 778.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.25 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 3.76 GiB free.
D: is CDROM (No Media)
S: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX RoHS - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Sygate Security Agent v4.6 (Sygate Technologies, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Altiris\\aclient\\AClntUsr.EXE"="C:\\Program Files\\Altiris\\aclient\\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Altiris\\aclient\\AClntUsr.EXE"="C:\\Program Files\\Altiris\\aclient\\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\scott cereghino\Application Data
CLASSPATH=.;C:\Program Files\IBM\Java141\jre\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CEREGHINO
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\scott cereghino
HOMESHARE=\\atlanta22\home
LOGONSERVER=\\ATLANTA24
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\IBM\Java141\jre\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SCOTTC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\SCOTTC~1\LOCALS~1\Temp
USERDNSDOMAIN=unitedstates.gamlin.elekta.com
USERDOMAIN=UNITEDSTATES
USERNAME=Scott Cereghino
USERPROFILE=C:\Documents and Settings\scott cereghino
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

melissa chapman (admin)
Ramon_Creese (admin)
scott cereghino (admin)
atladmin.UNITEDSTATES (admin)
Ramon Creese (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
--> C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
--> MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
--> MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
--> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
--> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
--> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
--> MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Access IBM Cleanup Utility --> MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Access IBM Message Center --> MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools --> C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Agere Systems AC'97 Modem --> agrsmdel
Altiris Carbon Copy Solution Agent --> MsiExec.exe /X{332454D8-73B0-4b4a-954C-D96089CD898A}
Altiris Carbon Copy Solution Agent 6.2 --> MsiExec.exe /x {332454D8-73B0-4b4a-954C-D96089CD898A} /qf
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /i{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
BlackBerry Desktop Software 4.2.2 --> MsiExec.exe /I{9B449C1A-4F64-4ED4-8C96-31B222E8377F}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
CardScan 8.0 --> MsiExec.exe /I{69ABC88C-654F-417C-97A7-4524F7DC0D04}
Dell AIO Printer A960 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBFUN5C.EXE -dDell AIO Printer A960
Dell Client Manager Agent --> MsiExec.exe /X{00293E7E-A756-42B3-A555-202D352A3021}
Dell Picture Studio - Dell Image Expert --> MsiExec.exe /I{151C555A-A9E7-4A2E-B6D7-165D04A3C956}
eCopy Desktop --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Uninstall\eD\setup.exe" -l0x9
Elekta VPN Support KIT --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\vpnkit.inf
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\scott cereghino\Local Settings\Temporary Internet Files\Content.IE5\KBZPAOGU\HijackThis.exe" /uninstall
IBM 11a/b/g Wireless LAN Mini PCI Adapter Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB45BBE5-5F76-4753-8DC5-A0F118DEEDF7}\SETUP.EXE" UNINSTALL
IBM 32-bit SDK for Java 2, v1.4.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Support --> wscript "C:\Program Files\Support.com\bin\uninstall.vbs" -uninstall -release1
IBM Access Support - Local Content Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E34AB5C-B893-4EE9-82F3-F195978D009D}\Setup.exe" -l0x9
IBM DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM Update Connector --> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{16906D21-0656-4F8B-9A01-C3D24B5401FC}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPassConnect Elekta Remote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000021212}\setup.exe"
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lotus Notes 6.5.1 --> MsiExec.exe /I{9DDA34DA-4127-49A7-89D5-7D37B98218B4}
Macromedia Flash Player 8 --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{7279647E-8661-48DF-998E-E7DCC3E6955D}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
Paint Shop Pro 7 --> MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A}
Palm Desktop and Synchronization Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall
PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
Print Screen Deluxe --> C:\WINDOWS\amuninst.exe -fC:\WINDOWS\unpsd.ini
Print to Fax --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\setup.exe" -l0x9 ControlPanel
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
ReadIRIS --> MsiExec.exe /X{42732288-A935-11D5-AB3E-000102B0F79A}
Roxio Media Manager --> MsiExec.exe /X{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}
Scroll Lock Indicator Utility --> RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\System32\TpScrLk.inf
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sofon --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Sofon\Sofon Configurator\Uninst.isu"
Software Installer --> swiif.exe /U
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spin Stops Here 2 Screen Saver --> /U
Support.com Software --> wscript "C:\Program Files\Support.com\bin\admins.vbs"
Sygate Security Agent 4.1 --> MsiExec.exe /I{D65EE19D-6F69-4532-934A-FC456BB6BB93}
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad EasyEject Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\setup.exe" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -ITkp0559k.inf -ISFG
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\setup.exe" -l0x9 anything
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x9 UNINSTALL
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
Trend Micro OfficeScan Client --> "C:\OfficeScan NT\ntrmv.exe"
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WebEx --> C:\WINDOWS\DOWNLO~1\CONFLICT.1\atcliun.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
ZapNotes --> C:\PROGRA~1\ZapNotes\UNWISE.EXE C:\PROGRA~1\ZapNotes\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type7586 / Error
Event Submitted/Written: 06/06/2008 04:33:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type7585 / Error
Event Submitted/Written: 06/06/2008 04:33:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type7584 / Error
Event Submitted/Written: 06/06/2008 04:33:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type7583 / Error
Event Submitted/Written: 06/06/2008 04:33:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type7582 / Error
Event Submitted/Written: 06/06/2008 04:33:27 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type72383 / Error
Event Submitted/Written: 06/06/2008 04:18:26 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Event Record #/Type72382 / Warning
Event Submitted/Written: 06/06/2008 04:18:26 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.

Event Record #/Type72381 / Error
Event Submitted/Written: 06/06/2008 04:03:09 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 15 minutes.
NtpClient has no source of accurate time.

Event Record #/Type72380 / Warning
Event Submitted/Written: 06/06/2008 04:03:09 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 15 minutes.

Event Record #/Type72379 / Warning
Event Submitted/Written: 06/06/2008 04:02:56 PM
Event ID/Source: 11194 / DnsApi
Event Description:
The system failed to update and remove host (A) resource records (RRs)
for network adapter
with settings:


Adapter Name : {B05E07BB-0FBC-4AD2-BF35-B4F920A873B8}

Host Name : CEREGHINO

Primary Domain Suffix : unitedstates.gamlin.elekta.com

DNS server list :

10.103.103.8, 10.103.103.9

Sent update to server : 10.1.1.1

IP Address(es) :

10.154.1.2


The reason for this failure is because the DNS server sent the update
either (a) does not support the DNS dynamic update protocol, or (:thumbsup: the
authoritative zone for the DNS domain name specified in these A RRs does
not currently accept DNS dynamic updates.



-- End of Deckard's System Scanner: finished at 2008-06-06 16:33:52 ------------

BC AdBot (Login to Remove)

 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:03:36 PM

Posted 02 July 2008 - 01:27 PM

Hello banducci21. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine)

We apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.
If you have since resolved the original problem you were having would appreciate you letting us know If not please perform the following below so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

If you still would like help, please follow the following instructions:
Please run Deckard's System Scanner again, this time using these instructions:
(In the event you lost your copy, you can download a new one from here: Deckard's System Scanner)
  • Click on Start, click on Run
  • Copy and paste the following in the open window and then click OK:
    "%userprofile%\desktop\dss.exe" /config
  • This will open up DSS configuration
  • Click on Check All.
  • Click Scan.
    DSS will now run again.
  • Please post back both logs that open in notepad.
    Main.txt and Extra.txt
Next
Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next reply, please make sure the following reports are present:
  • The Kaspersky scan report
  • DSS's Main.txt
  • DSS's Extra.txt

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#3 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:05:36 PM

Posted 05 July 2008 - 06:18 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users