
Win.32.small.r Trojan


  • This topic is locked
5 replies to this topic

#1 Leis23

Posted 06 June 2008 - 10:37 PM

Hi, my PC got infected with the win.32.small.r virus. I've been trying to remove this with no success.

Deckard's System Scanner v20071014.68
Run by Maria Leah on 2008-06-07 11:21:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-07 03:21:18 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 82% (more than 75%).
Total Physical Memory: 247 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-06-07 11:24:54
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
C:\WINDOWS\system32\QCONSVC.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE
C:\IBMTOOLS\utils\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\TpKmpSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\D-Link\AIRPLUS.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Maria Leah\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NAVShExt.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AIRPLUS] "C:\Program Files\D-Link\AIRPLUS.exe" -nogui
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options Group: [JAVA_IBM] Java (IBM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: D-Link Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPWDSVC.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\system32\QCONSVC.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVSCAN.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSvc.exe


--
End of file - 10681 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ANC - c:\windows\system32\drivers\anc.sys <Not Verified; IBM Corp.; IBM Access Connections>
R1 IBMTPCHK - c:\windows\system32\drivers\ibmbldid.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TPHKDRV - c:\windows\system32\drivers\tphkdrv.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
R1 TPPWR - c:\windows\system32\drivers\tppwr.sys <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
R2 ibmfilter - c:\windows\system32\drivers\ibmfilter.sys <Not Verified; IBM; FFE and RRU>
R2 MDC8021X (WPA Security Protocol (IEEE 802.1x) v1.5.1.65) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 1.5>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R3 AR5211 (D-Link Adapter) - c:\windows\system32\drivers\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
R3 QCNDISIF - c:\windows\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>

S3 jswimd (jswimd Service) - c:\windows\system32\drivers\jswimd.sys (file missing)
S3 psadd (IBM PSA Access Driver) - c:\windows\system32\drivers\psadd.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (D-Link Configuration Service) - c:\windows\system32\acs.exe
R2 AntiVirScheduler (Avira AntiVir Personal Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation>
R2 IBM Rapid Restore Ultra Service - "c:\program files\ibm\ibm rapid restore ultra\rrpcsb.exe" <Not Verified; ; rrpcsb Module>
R2 QCONSVC - system32\qconsvc.exe <Not Verified; IBM Corp.; IBM ThinkPad Utility>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe

S3 PsaSrv (IBM PSA Access Driver Control) - c:\windows\system32\psasrv.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-06 20:39:47 540 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Maria Leah.job
2008-06-06 06:11:52 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2008-06-05 08:20:00 298 --a------ C:\WINDOWS\Tasks\BMMTask.job


-- Files created between 2008-05-07 and 2008-06-07 -----------------------------

2008-06-07 00:47:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-07 00:46:02 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 00:45:39 0 d-------- C:\WINDOWS\LastGood
2008-06-06 21:41:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 19:17:56 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\HouseCall 6.6
2008-06-06 18:20:52 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-06 18:19:23 0 d-------- C:\Program Files\Spyware Doctor
2008-06-06 18:19:23 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\PC Tools
2008-06-06 11:45:58 0 d-------- C:\MSNCleaner
2008-06-06 09:08:40 0 d-------- C:\Documents and Settings\Owner\Application Data
2008-06-06 09:08:40 0 d-------- C:\Documents and Settings\Owner\Application Data\Symantec
2008-06-06 06:58:42 0 d-------- C:\WINDOWS\network diagnostic
2008-06-06 06:28:25 0 d-------- C:\Program Files\MSXML 4.0
2008-06-06 06:20:05 0 d-------- C:\Program Files\SymNetDrv
2008-06-06 05:06:24 0 d-------- C:\Program Files\Pidgin
2008-06-06 04:31:57 0 d-------- C:\Documents and Settings\Maria Leah\.housecall6.6
2008-06-06 04:31:21 0 d-------- C:\WINDOWS\Sun
2008-06-06 04:31:20 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\Sun
2008-06-06 04:27:50 0 d-------- C:\Program Files\Java
2008-06-06 04:24:49 0 d-------- C:\Program Files\Common Files\Java
2008-06-05 18:02:18 0 d-------- C:\WINDOWS\system32\PreInstall
2008-06-05 16:59:16 0 d-------- C:\Program Files\Avira
2008-06-05 16:59:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-05 16:54:43 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\gtk-2.0
2008-06-05 16:51:50 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\.purple
2008-06-05 16:47:45 0 d-------- C:\Program Files\Common Files\GTK
2008-06-05 16:21:09 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\Adobe
2008-06-05 16:19:39 1160 --a------ C:\WINDOWS\mozver.dat
2008-06-05 16:15:21 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-05 16:14:57 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\Mozilla
2008-06-05 16:06:44 0 d-------- C:\Program Files\Google
2008-06-05 15:58:46 13824 -----n--- C:\WINDOWS\system32\snetcfg.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-05 15:58:46 233606 -----n--- C:\WINDOWS\system32\jswsup.dll
2008-06-05 15:58:20 463104 --a------ C:\WINDOWS\system32\drivers\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
2008-06-05 15:58:20 463104 --a------ C:\WINDOWS\system32\ar5211.sys <Not Verified; D-Link; D-Link Wireless Network Adapter>
2008-06-05 15:58:16 36864 -----n--- C:\WINDOWS\system32\acs.exe
2008-06-05 15:58:06 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-06-05 15:58:04 249856 -----n--- C:\WINDOWS\system32\wgapi.dll <Not Verified; Atheros; Atheros GUI API Library>
2008-06-05 15:58:04 237568 -----n--- C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
2008-06-05 15:58:04 77824 -----n--- C:\WINDOWS\system32\athcfg11res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2008-06-05 15:58:04 385024 -----n--- C:\WINDOWS\system32\athcfg11.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2008-06-05 15:58:04 192512 -----n--- C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2008-06-05 15:58:04 1396835 -r------- C:\WINDOWS\system32\AegisE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2008-06-05 15:56:22 13365 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 1.5>
2008-06-05 15:56:11 0 d-------- C:\temp
2008-06-05 15:53:38 0 -rahs---- C:\MSDOS.SYS
2008-06-05 15:53:37 1726 --a------ C:\WINDOWS\ndinst.exe
2008-06-05 14:50:44 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\Macromedia
2008-06-05 14:46:20 0 d-------- C:\Program Files\D-Link
2008-06-05 13:37:30 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-06-05 09:03:47 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-06-05 09:00:52 0 d-------- C:\WINDOWS\Cache
2008-06-05 08:49:37 0 d-------- C:\Program Files\Microsoft Works
2008-06-05 08:49:09 0 d-------- C:\Program Files\MSBuild
2008-06-05 08:46:17 0 d-------- C:\Program Files\Microsoft.NET
2008-06-05 08:42:14 0 d-------- C:\WINDOWS\SHELLNEW
2008-06-05 08:40:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-05 08:38:45 0 dr-h----- C:\MSOCache
2008-06-05 08:34:40 0 d--h----- C:\Documents and Settings\Maria Leah\Templates
2008-06-05 08:34:40 0 dr------- C:\Documents and Settings\Maria Leah\Start Menu
2008-06-05 08:34:40 0 dr-h----- C:\Documents and Settings\Maria Leah\SendTo
2008-06-05 08:34:40 0 dr-h----- C:\Documents and Settings\Maria Leah\Recent
2008-06-05 08:34:40 0 d--h----- C:\Documents and Settings\Maria Leah\PrintHood
2008-06-05 08:34:40 0 d--h----- C:\Documents and Settings\Maria Leah\NetHood
2008-06-05 08:34:40 0 dr------- C:\Documents and Settings\Maria Leah\My Documents
2008-06-05 08:34:40 0 d--h----- C:\Documents and Settings\Maria Leah\Local Settings
2008-06-05 08:34:40 0 dr------- C:\Documents and Settings\Maria Leah\Favorites
2008-06-05 08:34:40 0 d-------- C:\Documents and Settings\Maria Leah\Desktop
2008-06-05 08:34:40 0 d--hs---- C:\Documents and Settings\Maria Leah\Cookies
2008-06-05 08:34:40 0 dr-h----- C:\Documents and Settings\Maria Leah\Application Data
2008-06-05 08:34:40 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\Symantec
2008-06-05 08:34:40 0 d-------- C:\Documents and Settings\Maria Leah\Application Data\Identities
2008-06-05 08:34:39 1572864 --ah----- C:\Documents and Settings\Maria Leah\NTUSER.DAT
2008-06-05 08:34:12 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2008-06-05 08:33:57 0 d-------- C:\Documents and Settings\Default User\Application Data\Symantec
2008-06-05 08:33:57 0 d-------- C:\Documents and Settings\Default User\Application Data\Identities
2008-06-05 08:21:13 0 d--hs---- C:\Recycled
2008-06-05 08:19:53 184320 --a------ C:\WINDOWS\TPBATHLP.EXE
2008-06-05 08:19:51 16384 --a------ C:\WINDOWS\system32\drivers\TPPWR.SYS <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2008-06-05 08:18:35 77824 --a------ C:\WINDOWS\system32\WindowsAccessBridge.dll <Not Verified; Sun Microsystems; Sun Microsystems JavaAccessBridge>
2008-06-05 08:18:35 28672 --a------ C:\WINDOWS\system32\JAWTAccessBridge.dll
2008-06-05 08:18:35 139264 --a------ C:\WINDOWS\system32\JavaAccessBridge.dll <Not Verified; Sun Microsystems; Sun Microsystems JavaAccessBridge>
2008-06-05 08:17:48 65536 --a------ C:\WINDOWS\system32\ProgressTrace.dll
2008-06-05 08:17:48 86016 --a------ C:\WINDOWS\system32\PcdrKernelModeServices.dll
2008-06-05 08:17:43 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-06-05 08:17:04 282624 --a------ C:\WINDOWS\system32\tvt_gina_api.dll <Not Verified; IBM; tvt_gina_api>
2008-06-05 08:17:04 573440 --a------ C:\WINDOWS\system32\tvt_gina.dll <Not Verified; IBM; tvt_gina>
2008-06-05 08:17:04 73728 --a------ C:\WINDOWS\system32\QCONSVC.EXE <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2008-06-05 08:17:04 258048 --a------ C:\WINDOWS\system32\QConGina.dll <Not Verified; IBM Corp.; IBM ThinkPad Utility>
2008-06-05 08:17:00 12288 --a------ C:\WINDOWS\system32\drivers\qcndisif.sys <Not Verified; IBM Corporation.; IBM ThinkPad Utility>
2008-06-05 08:17:00 2432 --a------ C:\WINDOWS\system32\drivers\IBMBLDID.SYS
2008-06-05 08:17:00 11520 --a------ C:\WINDOWS\system32\drivers\ANC.sys <Not Verified; IBM Corp.; IBM Access Connections>
2008-06-05 08:12:20 0 d-------- C:\IBMSHARE
2008-06-05 08:11:47 32256 --a------ C:\WINDOWS\system32\drivers\psasrv.exe
2008-06-05 08:11:47 13312 --a------ C:\WINDOWS\system32\drivers\psadd.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2008-06-05 08:02:56 0 d-------- C:\Program Files\Norton AntiVirus
2008-06-05 08:02:42 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-05 08:02:32 0 d-------- C:\Program Files\Symantec
2008-06-05 08:02:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-05 08:02:05 204800 --a------ C:\WINDOWS\system32\IVIresizeW7.dll
2008-06-05 08:02:05 188416 --a------ C:\WINDOWS\system32\IVIresizePX.dll
2008-06-05 08:02:04 192512 --a------ C:\WINDOWS\system32\IVIresizeP6.dll
2008-06-05 08:02:04 192512 --a------ C:\WINDOWS\system32\IVIresizeM6.dll
2008-06-05 08:02:04 200704 --a------ C:\WINDOWS\system32\IVIresizeA6.dll
2008-06-05 08:02:04 20480 --a------ C:\WINDOWS\system32\IVIresize.dll
2008-06-05 08:01:52 0 d-------- C:\Program Files\InterVideo
2008-06-05 08:01:16 0 d-------- C:\icons
2008-06-05 08:00:54 0 d-------- C:\Documents and Settings\All Users\Application Data\ibm
2008-06-05 07:59:52 0 d-------- C:\WINDOWS\system32\thinkpad_features
2008-06-05 07:58:19 0 d-------- C:\Program Files\IBM
2008-06-05 07:54:59 0 d-------- C:\Program Files\Digital Line Detect
2008-06-05 07:54:57 0 d-------- C:\Program Files\NetWaiting
2008-06-05 07:54:50 0 d-------- C:\Program Files\CONEXANT
2008-06-05 07:54:14 110592 --a------ C:\WINDOWS\_tpiu000.exe
2008-06-05 07:54:07 53248 --a------ C:\WINDOWS\system32\TP4HOOK.dll <Not Verified; IBM Corporation; IBM TrackPoint Accessibility Features>
2008-06-05 07:54:07 53248 --a------ C:\WINDOWS\system32\TP4EX.exe <Not Verified; IBM Corporation; IBM TrackPoint Accessibility Features>
2008-06-05 07:54:07 49152 --a------ C:\WINDOWS\system32\tp4cross.exe <Not Verified; IBM Corporation; IBM TrackPoint Accessibility Features>
2008-06-05 07:54:07 61440 --a------ C:\WINDOWS\system32\FPCALL.dll
2008-06-05 07:53:48 7168 --a------ C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2008-06-05 07:53:22 9341 --a------ C:\WINDOWS\system32\drivers\TDSMAPI.SYS
2008-06-05 07:53:21 14848 --a------ C:\WINDOWS\system32\drivers\SMAPINT.SYS <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-06-05 07:52:50 32768 --a------ C:\WINDOWS\system32\TpKmpSvc.exe
2008-06-05 07:52:50 0 d-------- C:\Program Files\ThinkPad
2008-06-05 07:52:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-05 07:52:45 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-05 07:51:08 0 d-------- C:\WINDOWS\system32\URTTemp
2008-06-05 07:50:51 0 d--h----- C:\WINDOWS\$hf_mig$
2008-06-05 07:49:23 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-06-05 07:48:33 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-06-05 07:48:30 0 d-------- C:\WINDOWS\Prefetch
2008-06-05 07:41:34 0 d-------- C:\WINDOWS\peernet
2008-06-05 07:41:33 0 d-------- C:\WINDOWS\provisioning
2008-06-05 07:39:33 0 d-------- C:\WINDOWS\EHome
2008-06-05 07:36:41 0 d-------- C:\Intel
2008-06-05 06:31:52 0 d-------- C:\DRIVERS
2008-06-05 06:23:08 16340 --a------ C:\WINDOWS\system32\drivers\TPHKDRV.sys <Not Verified; IBM Corporation; ThinkPad OnScreenDisplay>
2008-06-05 06:18:52 0 d-------- C:\IBMTOOLS


-- Find3M Report ---------------------------------------------------------------

2008-06-06 22:56:19 0 d-------- C:\Program Files\Common Files
2008-06-06 06:42:17 0 d-------- C:\Program Files\Messenger
2008-06-05 08:35:00 0 --ah----- C:\IO.SYS
2008-06-05 08:35:00 0 --ah----- C:\CONFIG.SYS
2008-06-05 08:35:00 0 --ah----- C:\AUTOEXEC.BAT


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [10/12/2001 02:32 PM C:\WINDOWS\system32\S3Tray2.exe]
"TrackPointSrv"="tp4serv.exe" [11/13/2003 06:12 PM C:\WINDOWS\system32\tp4serv.exe]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [07/31/2004 02:03 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [07/31/2004 01:59 AM]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [02/05/2004 09:39 AM]
"TPHOTKEY"="C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [08/07/2004 10:26 AM]
"TP4EX"="tp4ex.exe" [09/04/2002 04:05 PM C:\WINDOWS\system32\TP4EX.exe]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [12/25/2003 05:04 PM]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [06/26/2004 06:39 AM]
"UC_SMB"="" []
"@"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [07/22/2004 05:01 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [03/09/2006 11:47 AM]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [03/20/2004 03:12 AM]
"QCTRAY"="C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [08/18/2004 06:30 PM]
"QCWLICON"="C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [08/18/2004 06:30 PM]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [07/29/2004 04:37 PM]
"BMMLREF"="C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE" [07/29/2004 04:37 PM]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [07/29/2004 04:37 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [10/27/2006 03:47 PM]
"AIRPLUS"="C:\Program Files\D-Link\AIRPLUS.exe" [08/13/2005 10:45 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 05:22 AM]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [02/13/2008 01:06 AM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [06/06/2008 06:20 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [03/25/2008 04:28 AM]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [04/10/2008 03:14 PM]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [11/03/2004 07:59 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [07/22/2004 05:01 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/14/2004 12:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [6/5/2008 7:55:00 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 08/18/2004 06:30 PM 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-06-07 11:28:13 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.40GHz
Percentage of Memory in Use: 81%
Physical Memory (total/avail): 246.42 MiB / 46.47 MiB
Pagefile Memory (total/avail): 972.78 MiB / 177.24 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.09 MiB

C: is Fixed (NTFS) - 32.77 GiB total, 22.53 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2040AT - 37.26 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 32.77 GiB - C:
\PARTITION1 - Unknown - 4.49 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntiVirusDisableNotify is set.

AV: Avira AntiVir PersonalEdition v8.0.1.18 (Avira GmbH) Disabled
AV: Norton AntiVirus v2004 (Symantec Corporation) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe:*:enabled:Java launcher"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:Java launcher "
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:Java launcher "
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe:*:enabled:Java launcher"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:Java launcher "
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:Java launcher "
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Maria Leah\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=IBM-ADEC51081A0
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Maria Leah
IBMSHARE=C:\IBMSHARE
LOGONSERVER=\\IBM-ADEC51081A0
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRAM FILES\THINKPAD\UTILITIES;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\Downloaded Program Files;C:\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for Windows\services
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
PYTHONCASEOK=1
PYTHONPATH=C:\IBMTOOLS\utils\support;C:\IBMTOOLS\utils\logger
RRU=C:\Program Files\IBM\IBM Rapid Restore Ultra\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TCL_LIBRARY=C:\IBMTOOLS\Python22\tcl\tcl8.4
TEMP=C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp
TK_LIBRARY=C:\IBMTOOLS\Python22\tcl\tk8.4
TMP=C:\DOCUME~1\MARIAL~1\LOCALS~1\Temp
USERDOMAIN=IBM-ADEC51081A0
USERNAME=Maria Leah
USERPROFILE=C:\Documents and Settings\Maria Leah
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Maria Leah (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanel
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access IBM --> MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Access IBM Message Center --> MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Avira AntiVir Personal Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
D-Link Client Installation Program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
GTK+ Runtime 2.12.8 rev a (remove only) --> C:\Program Files\Common Files\GTK\2.0\uninst.exe
HouseCall 6.6 --> "C:\Documents and Settings\Maria Leah\Application Data\HouseCall 6.6\uninstaller.exe"
IBM 32-bit Runtime Environment for Java 2, v1.4.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Integrated 56K Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_05591014 -S -ISFG
IBM Rescue and Recovery with Rapid Restore --> MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes --> MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkVantage Technologies Welcome Message --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1007F41F-7D69-468E-8017-3849A5A973C2}\SETUP.EXE" -l0x9 anything
IBM TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM TrackPoint Support --> C:\WINDOWS\System32\tp4unins.exe
IBM Update Connector --> MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Pidgin --> C:\Program Files\Pidgin\pidgin-uninst.exe
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer --> _tpiu000.exe /U
Wallpapers --> MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}


-- Application Event Log -------------------------------------------------------

Event Record #/Type425 / Error
Event Submitted/Written: 06/06/2008 10:11:03 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type424 / Warning
Event Submitted/Written: 06/06/2008 09:06:13 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W32/Small.RC:\WINDOWS\Temp\tmp37.tmp

Event Record #/Type423 / Warning
Event Submitted/Written: 06/06/2008 09:06:04 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W32/Small.RC:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP1.tmp

Event Record #/Type422 / Warning
Event Submitted/Written: 06/06/2008 09:04:52 PM / 06/06/2008 09:04:53 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W32/Small.RC:\WINDOWS\Temp\tmp36.tmp

Event Record #/Type421 / Warning
Event Submitted/Written: 06/06/2008 08:38:09 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W32/Small.RC:\Program Files\Norton AntiVirus\Quarantine\Incoming\AP0.tmp



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1861 / Warning
Event Submitted/Written: 06/07/2008 01:35:30 AM / 06/07/2008 01:35:31 AM
Event ID/Source: 18 / avgntflt
Event Description:
TIMEOUT<pctsSvc.exe> C:\...5\LicTest\avwinll.dll

Event Record #/Type1859 / Warning
Event Submitted/Written: 06/07/2008 01:31:12 AM / 06/07/2008 01:31:14 AM
Event ID/Source: 18 / avgntflt
Event Description:
TIMEOUT<pctsSvc.exe> C:\...idationdir\aecore.dll

Event Record #/Type1858 / Warning
Event Submitted/Written: 06/07/2008 01:21:11 AM / 06/07/2008 01:21:12 AM
Event ID/Source: 18 / avgntflt
Event Description:
TIMEOUT<pctsSvc.exe> C:\... Classic\avnotify.exe

Event Record #/Type1857 / Warning
Event Submitted/Written: 06/07/2008 01:15:28 AM / 06/07/2008 01:15:29 AM
Event ID/Source: 18 / avgntflt
Event Description:
TIMEOUT<firefox.exe> C:\...ult\sessionstore-1.js

Event Record #/Type1856 / Warning
Event Submitted/Written: 06/07/2008 01:07:46 AM / 06/07/2008 01:07:47 AM
Event ID/Source: 18 / avgntflt
Event Description:
TIMEOUT<TeaTimer.exe> C:\...n Classic\preupd.exe



-- End of Deckard's System Scanner: finished at 2008-06-07 11:28:13 ------------

KASPERSKY ONLINE SCANNER REPORT
Saturday, June 07, 2008 11:16:35 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/06/2008
Kaspersky Anti-Virus database records: 834559
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 46979
Number of viruses found 1
Number of infected objects 89
Number of suspicious objects 0
Duration of the scan process 02:28:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\ibm\messages\logs\lf000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\cert8.db Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\history.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\key3.db Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\parent.lock Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Maria Leah\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Maria Leah\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Mozilla\Firefox\Profiles\1useoouz.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\History\History.IE5\MSHist012008060720080608\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\AVP485.tmp Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\AVP486.tmp Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\AVP4F8.tmp Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\AVP4FC.tmp Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\AVP4FD.tmp Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\Perflib_Perfdata_cec.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Maria Leah\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CD051E0.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\12F20BE1.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\12F20BE1.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\19864937.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\1C087DF3.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\1C5E2A2A.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\30B467F2.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\32B23618.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F851DFE.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\41D0588E.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\470873E1.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\475322A9.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47777081.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\479E6856.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47A11252.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47A53C4F.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47A8664B.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47CF5E20.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47D2081C.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47DC0612.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47E60407.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47E60407.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47E92E03.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\47E92E03.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\49894DB1.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D292DE1.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\4FC45085.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\547C3AC4.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\56401FF3.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\5D630585.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\61413744.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\62A16DC0.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\65727279.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\661335F6.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\66CA652D.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\66CD0F29.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\672252CC.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\67257CC8.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\677A406B.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\677A406B.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\677E6A67.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\677E6A67.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\67F67BE2.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\67F67BE2.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\67FA25DF.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\67FD4FDB.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6852137E.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\68553D7A.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\68AA011D.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\68AD2B19.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\68AD2B19.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\68ED3BCD.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\69026EBB.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\690942B4.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\695A5C5A.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\695E0657.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\69613053.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\69B249F9.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\69B673F6.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\69B673F6.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A0B3798.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A0B3798.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A0E6195.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A0E6195.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A110B91.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6A632537.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6ABB12D6.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6ABE3CD3.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B130075.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B162A72.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BA00DDB.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BF5517D.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BF87B7A.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6BFB2576.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C4D3F1C.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C506919.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70833514.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\708417E7.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70A111C7.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70BB61AA.av$ Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70C235A3.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70C55F9F.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70D20791.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70F00171.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70F32B6D.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\70F65569.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\713B39E0.tmp Infected: Virus.Win32.Small.r skipped
C:\Program Files\Norton AntiVirus\Quarantine\787B1418.tmp Infected: Virus.Win32.Small.r skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C7A7A028-A872-4541-A9A8-0DE68731A765}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp3DE.tmp Infected: Virus.Win32.Small.r skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.



#2 Thunder


Posted 07 June 2008 - 01:06 PM

Hello Leis23,

Boot into Safe Mode:
Restart your computer and tap F8 before WinXP starts to load and choose Safe Mode.
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Navigate, using Windows Explorer, to and delete the content of the following folders (NOT the folders themselves !!!):
C:\WINDOWS\Temp <== folder
C:\Program Files\Norton AntiVirus\Quarantine <== folder
Restart your computer in normal mode.

Run a new Kaspersky scan and check if anything shows up again. :thumbsup:

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 Leis23


Posted 08 June 2008 - 06:09 AM

hi, thunder! thanks a lot! here's my latest kaspersky scan.

KASPERSKY ONLINE SCANNER REPORT
Sunday, June 08, 2008 6:58:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 8/06/2008
Kaspersky Anti-Virus database records: 839011
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
Scan Statistics
Total number of scanned objects 46488
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 01:49:53

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\ibm\messages\logs\lf000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Maria Leah\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\History\History.IE5\MSHist012008060820080609\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temp\Perflib_Perfdata_adc.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Maria Leah\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Maria Leah\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\_restore{C49BD92C-9C3F-4BDD-866F-EAF535330B6C}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{C284CFC4-5DD8-47FF-9B8A-AAD4CC3B8522}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
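
Added example, not part of the original posts: a small triage script for the two Kaspersky Online Scanner reports in this thread. It ignores the "Object is locked" rows (files held open by Windows, not findings) and compares the "Infected:" rows between scans, showing that the only detection sat in C:\WINDOWS\Temp with last action "skipped" and was gone after the folder was emptied. The function names are hypothetical, and the row layout is assumed from the report lines shown on this page.

```python
import re

# One result row: "<path> <verdict> <last action>". Paths may contain spaces,
# so the path is matched lazily and the verdict/action are pinned to the end.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<verdict>Object is locked|Infected: (?P<name>\S+)) "
    r"(?P<action>\S+)$"
)

# Rows copied from the two reports in this thread (abbreviated sample).
SCAN_BEFORE = r"""
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\tmp3DE.tmp Infected: Virus.Win32.Small.r skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
"""
SCAN_AFTER = r"""
C:\Documents and Settings\Maria Leah\NTUSER.DAT Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
"""

def parse_rows(report):
    """Return (path, name, action) per row; name is None for locked files."""
    rows = []
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:  # headers and "Scan process completed." do not match
            rows.append((m["path"], m["name"], m["action"]))
    return rows

def detections(report):
    """Map path -> detection name; locked-file rows are not findings."""
    return {path: name for path, name, _ in parse_rows(report) if name}

def compare(before, after):
    """Split detections into cleared, persisting and newly reported paths."""
    old, new = detections(before), detections(after)
    return {
        "cleared": sorted(set(old) - set(new)),
        "persisting": sorted(set(old) & set(new)),
        "new": sorted(set(new) - set(old)),
    }

if __name__ == "__main__":
    print(detections(SCAN_BEFORE))
    print(compare(SCAN_BEFORE, SCAN_AFTER))
```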

#4 Thunder


Posted 08 June 2008 - 03:57 PM

Looks better, doesn't it Leis23 ? :thumbsup:

Any more problems ?

Greetings,
Thunder

#5 Leis23


Posted 08 June 2008 - 06:18 PM

hi, thunder!

none so far! thanks a bunch!

:thumbsup:

#6 Thunder


Posted 09 June 2008 - 03:44 AM

Glad we could help, Leis23 :thumbsup:

Please read this Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Please also read Tony Klein's excellent article: How I got Infected in the First Place
and/or Grinler's tutorial on how malware is hidden and installed

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



