
Firefox Home Page Default Keeps Changing


  • This topic is locked
7 replies to this topic

#1 sgopal2


Posted 14 June 2008 - 09:13 PM

Hello:

I am having problems with maintaining my default home page on Firefox.

I don't recall installing any new software or other files which might have recently infected my machine. But whenever I try to change the default home page on Firefox (Tools > Options > Home Page), the change takes effect only for the current login. After shutting down the computer and logging back in I find that the old default home page is still present (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome).

A few days ago, I downloaded and installed SpyBot Search and Destroy. After an initial scan, Spybot found the following:
Microsoft.WindowsSecurityCenter.AntiVirusOverride Settings

It then immediately fixed it, and I rebooted, and the same problem (default home page going back to MSN) started again.

Currently I'm running Firefox 3.0 (but I had the same problem when I was running Firefox 2.0.0.14). A spyware search using Spybot and Adaware search that I ran today found nothing. A copy of my DSS scan and HijackThis log are attached below.

Any help you can offer is greatly appreciated.

Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1297C681-92D7-40EF-93BF-03F66EC5105C}\SETUP.EXE" -l0x9 -AddRemoveThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.infThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anythingThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,UninstallThinkPad Presentation Director --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"ThinkPad UltraNav Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstallThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" -l0x9 UNINSTALLThinkVantage Access Connections --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EB114D8-207F-45AE-BABD-1669715F2630}\setup.exe" -l0x9 anythingTrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\Setup.exe" ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exeZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O -- Application Event Log -------------------------------------------------------Event Record #/Type368 / ErrorEvent Submitted/Written: 06/14/2008 05:18:35 PMEvent ID/Source: 490 / ESENTEvent Description:svchost (1284) An attempt to 
open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).Event Record #/Type343 / WarningEvent Submitted/Written: 06/09/2008 08:46:32 PMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.Event Record #/Type338 / WarningEvent Submitted/Written: 06/08/2008 08:35:40 PMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.Event Record #/Type316 / WarningEvent Submitted/Written: 06/07/2008 07:24:02 AMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.Event Record #/Type311 / WarningEvent Submitted/Written: 06/06/2008 10:31:35 PMEvent ID/Source: 1524 / UserenvEvent Description:Windows cannot unload your classes registry file - it is still in use by other applications or services. 
The file will be unloaded when it is no longer in use.-- Security Event Log ----------------------------------------------------------No Errors/Warnings found.-- System Event Log ------------------------------------------------------------Event Record #/Type1652 / ErrorEvent Submitted/Written: 06/14/2008 03:48:15 PMEvent ID/Source: 8032 / BROWSEREvent Description:The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0A4D2599-BD9D-4A36-87BB-5BFC0248FB0F}.The backup browser is stopping.Event Record #/Type1460 / WarningEvent Submitted/Written: 06/08/2008 01:20:38 PMEvent ID/Source: 8021 / BROWSEREvent Description:The browser was unable to retrieve a list of servers from the browser master \\GFAM-OFFICE on the network \Device\NetBT_Tcpip_{0A4D2599-BD9D-4A36-87BB-5BFC0248FB0F}.The data is the error code.Event Record #/Type1414 / WarningEvent Submitted/Written: 06/08/2008 11:29:36 AMEvent ID/Source: 8021 / BROWSEREvent Description:The browser was unable to retrieve a list of servers from the browser master \\GFAM-OFFICE on the network \Device\NetBT_Tcpip_{0A4D2599-BD9D-4A36-87BB-5BFC0248FB0F}.The data is the error code.Event Record #/Type1339 / ErrorEvent Submitted/Written: 06/07/2008 08:26:39 AMEvent ID/Source: 8032 / BROWSEREvent Description:The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0A4D2599-BD9D-4A36-87BB-5BFC0248FB0F}.The backup browser is stopping.Event Record #/Type1283 / ErrorEvent Submitted/Written: 06/06/2008 06:20:18 PMEvent ID/Source: 8032 / BROWSEREvent Description:The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0A4D2599-BD9D-4A36-87BB-5BFC0248FB0F}.The backup browser is stopping.-- End of Deckard's System Scanner: finished at 2008-06-14 17:25:34 ------------



#2 sgopal2

sgopal2
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:46 AM

Posted 14 June 2008 - 11:08 PM

Hello -

I just ran a Kaspersky online scan and the results are posted below. In summary, there was no malware detected on the scan.

[codebox]
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 15, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 15, 2008 03:05:25
Records in database: 865003
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\user1\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS

Scan statistics:
Files scanned: 4734
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:03:23

No malware has been detected. The scan area is clean.

The selected area was scanned.
[/codebox]

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 AM

Posted 15 June 2008 - 02:39 PM

Hello sgopal2,

Welcome to Bleeping Computer :thumbsup:

I have two things for you to try, one at a time. First, try uninstalling Zone Alarm and try to reset your home page, then reinstall Zone Alarm. If that doesn't work, then do the same thing with Spybot.

Let me know how you come out.

Regards,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 sgopal2

sgopal2
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:46 AM

Posted 19 June 2008 - 06:50 PM

Hi Teacup,

Thanks for your reply. I tried the following:

1) Uninstall ZoneAlarm, reset home page to something new, reboot -> MSN home page keeps appearing
2) Uninstall Spybot, reset home page to something new, reboot -> MSN home page keeps appearing
3) Uninstall Ad-Aware, reset home page to something new, reboot -> MSN home page keeps appearing

Anyone have any other ideas?

#5 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 AM

Posted 28 June 2008 - 10:48 AM

Hello,

I apologize for my absence the last several days. :thumbsup: I've been sick. I'm just now able to sit and concentrate on logs.

Are you still having this problem?

Thanks,
tea

#6 sgopal2

sgopal2
  • Topic Starter

  • Members
  • 4 posts
  • Local time:05:46 AM

Posted 01 July 2008 - 01:15 PM

Hi Tea,

Sorry to hear about your illness. Hope you are feeling better now.

I didn't hear any other replies, so what I did was re-install Windows XP from scratch and format the entire hard drive. Everything works perfectly now.

If anyone else has any ideas on what went wrong, it might be helpful for the next reader down the line.

#7 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 AM

Posted 01 July 2008 - 09:15 PM

Hello,

I'm so sorry. :thumbsup: Thanks for letting me know.

Regards,
tea

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:04:46 AM

Posted 04 July 2008 - 10:15 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



