Pua.packed.armadillo/weird Activities



#1 Charlie'sHuman

Posted 17 June 2008 - 03:18 PM

Dear BleepingCom Helpers,

I run a Windows XP VM with Parallels on a MacBook Pro 2.0 clock, 2.0 RAM, 200 HD. When I log into the VM, weird things happen at random times:

--Windows keeps trying to configure Dragon NS 9
--icons on the desktop and software windows disappear or blink on and off
--I've attempted to get a bead on the processor, but when I go up to the Parallels menu to click on Actions to Send Keys (Ctr-Alt-Del), it starts to behave
--ClamAV has discovered the PUA.Packed.Armadillo, whatever that is (see report below)

Recently, I had the original 100 G drive replaced with a 200 G. Also, I was using Avast, but I had the impression that it might somehow be causing my problems, so I replaced it with ClamAV.

That's all I know...hope you can help. I'm an experienced user, but by no means capable beyond the normal simple problems.

thanks,

Charlie'sHuman

--------------------
Scan Started Tue Jun 17 12:48:58 2008

-------------------------------------------------------------------------------



C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe: moved/scheduled to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.natspeak.exe'

C:\RECYCLER\S-1-5-21-1645522239-1060284298-854245398-1003\Dc134.exe: moved/scheduled to 'C:\Documents and Settings\All Users\.clamwin\quarantine\infected.Dc134.exe'



C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe: PUA.Packed.Armadillo FOUND

C:\RECYCLER\S-1-5-21-1645522239-1060284298-854245398-1003\Dc134.exe: PUA.Packed.Armadillo FOUND

----------- SCAN SUMMARY -----------

Known viruses: 314071

Engine version: 0.93.1

Scanned directories: 5134

Scanned files: 62575

Infected files: 2



Data scanned: 17258.17 MB

Time: 6686.296 sec (111 m 26 s)

--------------------------------------

Completed

--------------------------------------

Deckard's System Scanner v20071014.68
Run by Mark Heinemann on 2008-06-17 14:50:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-06-17 19:50:24 UTC - RP426 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Mark Heinemann.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:54:12, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Parallels\Parallels Tools\cohrence.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Parallels\Parallels Tools\toolsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iFinger\iFinger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Mark Heinemann\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Mark Heinemann.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dts.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: iFinger - {1624F640-49AC-11D3-8ABD-00C04FA95EE0} - C:\PROGRA~1\iFinger\IFINGE~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Acronis True Image\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKLM\..\Run: [SharedInternetApplication] "C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" /start
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [CloseAllWindows] "C:\Program Files\CloseAllWindows\CloseAllWindows.exe"
O4 - Startup: Intellicast.lnk = C:\Program Files\Intellicast\Intellicast.exe
O4 - Global Startup: iFinger.lnk = C:\Program Files\iFinger\iFinger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: iFinger - {936E5D60-596C-11D3-BB96-00600816DF55} - C:\WINDOWS\system32\SHDOCVW.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.dts.edu
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...tallMgr_v01.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Parallels Tools Utility Service (toolsrv) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\toolsrv.exe

--
End of file - 6934 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R0 timounter (Acronis TrueImage Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 PrlNP - c:\windows\system32\drivers\prlfs.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
R2 prl_paravirt_32 (Parallels Paravirtualization Driver) - c:\windows\system32\drivers\prl_paravirt_32.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 3.0>
R2 PrlTime (Parallels Time Synchronization Driver) - c:\windows\system32\drivers\prltime.sys
R2 tifsfilter (Acronis TrueImage FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; TrueImage>
R3 PCITG - c:\windows\system32\drivers\pcitg.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
R3 prleth (Parallels Network Adapter) - c:\windows\system32\drivers\prleth.sys <Not Verified; Parallels Software International, Inc.; Parallels Workstation 3.0>
R3 PrlMouse (Parallels Mouse Synchronization Tool) - c:\windows\system32\drivers\prlmouse.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>
R3 PrlVideo - c:\windows\system32\drivers\prlvideo.sys <Not Verified; Parallels Software International, Inc.; Parallels Tools>

S2 portD (CMS PortIO Service) - c:\windows\system32\drivers\portd2k.sys (file missing)
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 RimUsb (BlackBerry Device) - c:\windows\system32\drivers\rimusb.sys (file missing)
S3 USA19H - c:\windows\system32\drivers\usa19h2k.sys (file missing)
S3 USA19H2KP (Keyspan USB Serial Port Driver) - c:\windows\system32\drivers\usa19h2kp.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AcrSch2Svc (Acronis Scheduler2 Service) - "c:\program files\common files\acronis\schedule2\schedul2.exe" <Not Verified; Acronis; Acronis Scheduler 2>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 cohrence (Parallels Coherence Service) - "c:\program files\parallels\parallels tools\cohrence.exe" <Not Verified; Parallels Software International, Inc.; Parallels Tools>
R2 toolsrv (Parallels Tools Utility Service) - c:\program files\parallels\parallels tools\toolsrv.exe <Not Verified; Parallels Software International, Inc.; Parallels Tools>

S2 RoxLiveShare9 (LiveShare P2P Server 9) - "c:\program files\common files\roxio shared\9.0\sharedcom\roxliveshare9.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {D45B1C18-C8FA-11D1-9F77-0000F805F530}
Description: NT Apm/Legacy Interface Node
Device ID: ROOT\NTAPM\0000
Manufacturer: Microsoft
Name: NT Apm/Legacy Interface Node
PNP Device ID: ROOT\NTAPM\0000
Service: NtApm


-- Scheduled Tasks -------------------------------------------------------------

2008-06-17 13:21:17 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-01-17 08:03:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-17 and 2008-06-17 -----------------------------

2008-06-17 14:54:03 0 d-------- C:\Program Files\Trend Micro
2008-06-17 13:18:06 0 d-------- C:\Program Files\Windows Defender
2008-06-17 11:34:02 0 d-------- C:\Program Files\Common Files\Scansoft Shared
2008-06-15 23:26:36 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\.clamwin
2008-06-15 23:26:28 0 d-------- C:\Program Files\ClamWin
2008-06-15 23:26:28 0 d-------- C:\Documents and Settings\All Users\.clamwin
2008-06-15 22:46:23 0 d-------- C:\Program Files\7-Zip
2008-06-14 16:55:17 0 d--h----- C:\BJPrinter
2008-06-14 11:39:20 0 d-------- C:\.Trashes
2008-06-13 17:29:20 0 d-------- C:\Program Files\Windows Installer Clean Up
2008-06-12 15:09:45 79360 --a------ C:\Program Files\zlib32.dll <Not Verified; ; ZLib.DLL>
2008-06-12 15:09:44 77907 --a------ C:\Program Files\UserLocMgr.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:42 540767 --a------ C:\Program Files\UpgradeCfg.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:42 401408 --a------ C:\Program Files\toc_updt.exe <Not Verified; ; toc_updt Application>
2008-06-12 15:09:40 28749 --a------ C:\Program Files\PtSSLog.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:40 151631 --a------ C:\Program Files\PTATTACH.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:38 172032 --a------ C:\Program Files\mimepp_core.dll <Not Verified; Hunny Software, Inc; Hunny Software MIME++™ ToolBuzz™>
2008-06-12 15:09:37 49152 --a------ C:\Program Files\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2008-06-12 15:09:37 430153 --a------ C:\Program Files\ilx32.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:36 843852 --a------ C:\Program Files\iltif32.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:36 1687627 --a------ C:\Program Files\ilsync.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:35 233553 --a------ C:\Program Files\ilcoreres.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:34 319566 --a------ C:\Program Files\ilchoose.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:31 389203 --a------ C:\Program Files\CE.dll <Not Verified; Research In Motion; Research In Motion CE>
2008-06-12 15:09:30 1331281 --a------ C:\Program Files\Attendees.dll <Not Verified; Intellisync Corporation.; Default product name string>
2008-06-12 15:09:21 0 d-------- C:\Program Files\Transaction Manager
2008-06-12 15:09:21 0 d-------- C:\Program Files\Template
2008-06-12 14:46:06 0 d-------- C:\Program Files\Sametime
2008-06-12 14:46:06 0 d-------- C:\Program Files\Pumatech Desktop Setup
2008-06-12 14:31:46 0 d-------- C:\Program Files\Acronis True Image
2008-06-12 14:30:03 0 d-------- C:\Program Files\Libronix DLS
2008-06-12 14:30:02 0 d-------- C:\Program Files\Documentation
2008-06-12 14:29:41 0 d-------- C:\Program Files\Data Migration Wizard
2008-06-12 14:29:30 0 d-------- C:\Untranscribed Recorded Material
2008-06-12 14:29:25 0 d-------- C:\Program Files\Cucusoft
2008-06-12 14:29:08 0 d-------- C:\Program Files\Connectors
2008-06-12 14:29:08 0 d-------- C:\Program Files\CMS Products
2008-06-12 14:29:05 0 d-------- C:\Program Files\Agent Ransack
2008-06-12 14:29:04 0 d-------- C:\Program Files\Action Engine
2008-06-12 14:27:10 0 d-------- C:\Program Files\Scientific Software
2008-06-12 14:27:08 0 d-------- C:\Program Files\Blackberry
2008-06-06 17:43:58 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\CloseAllWindows
2008-06-06 17:21:24 0 d-------- C:\Program Files\closewin
2008-06-05 14:18:24 0 d-------- C:\Program Files\nthClock
2008-06-05 08:57:18 0 d-------- C:\Program Files\Utilities
2008-06-05 08:37:56 0 d-------- C:\WINDOWS\system32\CLSID
2008-06-05 08:31:56 0 d-------- C:\Program Files\Tunebite
2008-06-05 08:31:24 0 d-------- C:\Program Files\PixiePack Codec Pack
2008-06-05 08:29:51 0 d-------- C:\Program Files\RapidSolution
2008-06-05 08:09:17 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Tunebite
2008-06-05 08:08:04 0 d-------- C:\Documents and Settings\All Users\Application Data\RapidSolution
2008-06-01 00:09:27 0 d-------- C:\Program Files\Silurian
2008-05-29 15:18:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-05-29 13:06:09 0 d-------- C:\Program Files\Alwil Software
2008-05-23 10:24:04 0 d-------- C:\Program Files\MSBuild
2008-05-23 10:23:49 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-05-23 10:23:33 0 d-------- C:\Program Files\Reference Assemblies
2008-05-23 10:17:53 0 d-------- C:\Program Files\MSXML 6.0
2008-05-22 15:45:03 0 dr-h----- C:\Documents and Settings\Mark Heinemann\Recent
2008-05-20 12:34:39 131376 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-05-20 12:26:28 0 d-------- C:\Program Files\Picasa2


-- Find3M Report ---------------------------------------------------------------

2008-06-17 11:34:02 0 d-------- C:\Program Files\Common Files
2008-06-15 22:22:40 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Parallels
2008-06-13 18:15:09 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Image Zone Express
2008-06-13 18:09:11 0 d-------- C:\Program Files\Slay
2008-06-13 17:28:45 0 d-------- C:\Program Files\MSECache
2008-06-13 17:20:08 0 d-------- C:\Program Files\Common Files\Research In Motion
2008-06-06 17:43:01 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-05 11:06:32 3268 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-06-01 03:30:18 43 --a------ C:\Program Files\league.sdl
2008-05-20 12:26:51 0 d-------- C:\Program Files\Google
2008-05-15 13:11:53 0 d-------- C:\Program Files\Seagate
2008-05-15 12:53:37 0 d-------- C:\Program Files\DiscWizard for Windows
2008-05-15 12:53:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-15 12:50:50 0 d-------- C:\Program Files\Common Files\InstallShield
2008-05-12 18:51:48 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Adobe
2008-05-12 18:49:20 1836 --a------ C:\WINDOWS\mozver.dat
2008-05-11 19:32:50 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Roxio
2008-05-08 20:56:18 143360 --a------ C:\WINDOWS\system32\PrlIcd32.dll <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2008-05-08 20:56:02 27136 --a------ C:\WINDOWS\system32\PrlVideo.dll <Not Verified; Parallels Software International, Inc.; Parallels Tools>
2008-05-08 20:55:32 78848 --a------ C:\WINDOWS\system32\prlnp.dll
2008-05-08 20:55:06 49240 --a------ C:\WINDOWS\system32\PrlD3d8.dll <Not Verified; Microsoft Corporation; Wine>
2008-05-08 20:55:00 53336 --a------ C:\WINDOWS\system32\PrlD3d9.dll <Not Verified; Microsoft Corporation; Wine>
2008-05-08 20:54:42 274523 --a------ C:\WINDOWS\system32\wined3d.dll
2008-05-08 12:23:45 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Sun
2008-05-08 12:23:33 0 d-------- C:\Program Files\Java
2008-05-08 12:21:48 0 d-------- C:\Program Files\Common Files\Java
2008-05-04 18:42:05 0 d-------- C:\Program Files\Canon
2008-05-04 18:35:47 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\Canon
2008-05-04 18:17:21 0 d--h----- C:\Program Files\CanonBJ
2008-04-26 17:19:02 0 d-------- C:\Program Files\Common Files\Acronis
2008-04-26 13:45:19 74703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-04-26 13:44:55 0 d-------- C:\Documents and Settings\Mark Heinemann\Application Data\iolo
2008-04-26 12:19:19 0 d-------- C:\Program Files\DVR PC-Link
2008-04-15 23:05:05 1865 --a------ C:\Program Files\ModerateSample.sdk
2008-04-15 23:05:05 2030 --a------ C:\Program Files\HardSample.sdk
2008-04-15 23:05:05 1934 --a------ C:\Program Files\GentleSample.sdk
2008-04-15 23:05:05 310 --a------ C:\Program Files\4x4StarterSample.sdk
2008-04-15 23:05:05 312 --a------ C:\Program Files\4x4SimpleSample.sdk
2008-04-15 23:05:05 9157 --a------ C:\Program Files\16x16ModerateSample.sdk
2008-04-15 23:05:05 9148 --a------ C:\Program Files\16x16HardSample.sdk
2008-04-15 23:05:05 9139 --a------ C:\Program Files\16x16GentleSample.sdk
2008-04-03 07:54:37 256 --a------ C:\WINDOWS\system32\pool.bin


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/29/2003 16:00]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [09/11/2006 04:40]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [09/11/2006 04:40]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 16:27]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 23:16]
"TrueImageMonitor.exe"="E:\Acronis True Image\TrueImageMonitor.exe" []
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [11/28/2005 14:02]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25]
"Parallels Tools"="C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe" [05/08/2008 20:53]
"SharedInternetApplication"="C:\Program Files\Parallels\Parallels Tools\SIA\sharedintapp.exe" [05/08/2008 20:51]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [06/14/2008 14:13]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 19:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 07:00]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [09/11/2006 04:40]
"CloseAllWindows"="C:\Program Files\CloseAllWindows\CloseAllWindows.exe" []

C:\Documents and Settings\Mark Heinemann\Start Menu\Programs\Startup\
Intellicast.lnk - C:\Program Files\Intellicast\Intellicast.exe [2/13/2004 11:12:54]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
iFinger.lnk - C:\Program Files\iFinger\iFinger.exe [1/22/2007 12:05:28]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61acdc50-2c34-11dd-b6dc-806d6172696f}]
AutoRun\command- D:\PLAY.EXE "playlist.m3u"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9eb8a0b0-8946-11db-a8ca-00f43378a189}]
AutoRun\command- ntdelect.com
explore\Command- ntdelect.com
open\Command- ntdelect.com

*Newly Created Service* - WINDEFEND

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 .psf


-- End of Deckard's System Scanner: finished at 2008-06-17 14:55:14 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1023.55 MiB / 589.55 MiB
Pagefile Memory (total/avail): 1697.46 MiB / 1430.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.9 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 87.89 GiB total, 73.16 GiB free.
D: is CDROM (No Media)
X: is Network (PrlSF)
Y: is Network (PrlSF)
Z: is Network (PrlSF)

\\.\PHYSICALDRIVE0 - Virtual HDD [0] - 87.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 87.89 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Novell\\GroupWise\\grpwise.exe"="C:\\Novell\\GroupWise\\grpwise.exe:*:Enabled:Novell GroupWise"
"C:\\Novell\\GroupWise\\notify.exe"="C:\\Novell\\GroupWise\\notify.exe:*:Enabled:Novell Notify"
"E:\\Program Files\\Sametime\\jre\\bin\\sametime75.exe"="E:\\Program Files\\Sametime\\jre\\bin\\sametime75.exe:*:Enabled:Lotus Sametime Connect"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Mark Heinemann\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BERLIN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Mark Heinemann
LOGONSERVER=\\BERLIN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\MARKHE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\MARKHE~1\LOCALS~1\Temp
USERDOMAIN=BERLIN
USERNAME=Mark Heinemann
USERPROFILE=C:\Documents and Settings\Mark Heinemann
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Mark Heinemann (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Acronis True Image --> MsiExec.exe /X{CA83357B-931E-44DC-AD43-9996FEEB8116}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agent Ransack Version 1.7.3 --> "E:\Program Files\Agent Ransack\unins000.exe"
all versions of Conquest --> "C:\Program Files\Conquest\unins001.exe"
all versions of Slay --> "C:\Program Files\Slay\unins000.exe"
AnSWR --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AnSWR\Uninst.isu"
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATLAS.ti 5.2 --> MsiExec.exe /I{C454FB57-6576-4A65-94C8-B59FB0484826}
BibleWorks --> C:\WINDOWS\uninst.exe -f"c:\program files\DeIsL1.isu"
Canon i560 --> C:\WINDOWS\system32\CNMCP58.exe "-PRINTERNAMECanon i560" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i560 Installer\Inst2\cnmi0409.dll"
Canon MP Navigator 2.2 --> "C:\Program Files\Canon\MP Navigator 2.2\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.2\uninst.ini
Canon MP530 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{3215EBED-1D06-42fb-A05C-A752A46FB24C}\DelDrv.exe" /U:{3215EBED-1D06-42fb-A05C-A752A46FB24C} /L0x0009
ClamWin Free Antivirus 0.93.1 --> "C:\Program Files\ClamWin\unins000.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conquest 2.1g --> "C:\Program Files\Conquest\unins000.exe"
Cucusoft DVD to iPod Converter 5.15 --> "E:\Program Files\Cucusoft\ipod-converter\unins000.exe"
DiscWizard for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1BC8E02-6B5B-4B4A-A75F-B27A16918C2B}\Setup.exe"
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
EndNote X Volume License Edition --> MsiExec.exe /I{FE4BD9BD-4A26-4F39-B12C-19336204B102}
Express Burn --> C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Files Search Assistant 3.0 --> "C:\Program Files\Files Search Assistant\unins000.exe"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
GroupWise --> MsiExec.exe /I{1C016A32-6BE3-475A-AA57-83195D07EE0C}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Driver Diagnostics --> MsiExec.exe /X{6314D540-E3C1-4F30-AEEB-4154C93375C3}
HP Photo and Imaging 2.0 - All-in-One --> MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - All-in-One Drivers --> MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - hp psc 1200 series --> C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
hp psc 1200 series --> MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IBM Lotus Sametime Connect 7.5 --> MsiExec.exe /I{4AA455FB-BFEE-473C-AA0E-4FDA505F6FB7}
iFinger --> C:\PROGRA~1\iFinger\UNWISE.EXE C:\PROGRA~1\iFinger\INSTALL.LOG
Intellicast Desktop --> MsiExec.exe /X{73ACFCD5-4CA0-4404-8A50-009942DE70AB}
ISI ResearchSoft - Export Helper --> C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Libronix Digital Library System --> C:\Program Files\Libronix DLS\System\Unsetup.exe
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
nthClock --> C:\WINDOWS\uninst.exe -f"C:\Program Files\nthClock\DeIsL1.isu" -c"C:\Program Files\nthClock\_ISREG32.DLL"
Olive Tree NIV for Blackberry --> MsiExec.exe /X{E9345049-8BF2-4F51-9108-13D13B6158AA}
Parallels Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B730E908-1FD5-4170-A0FE-B6AB874344F0}\setup.exe" -l0x9 -removeonly
PC Magazine's Top 100s as Internet Explorer Favorites --> "C:\Documents and Settings\Mark Heinemann\Application Data\unins000.exe"
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PixiePack Codec Pack --> MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}
Preclick PhotoBack Plug-in for HP --> MsiExec.exe /X{E13A66A4-8A37-451E-B4C5-E60BA0A777E3}
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Seagate SeaTools English Online --> RunDll32.exe C:\DOCUME~1\MARKHE~1\Desktop\NPSEAT~1.DLL,DllUninstallServer
Slay 5.0 --> "E:\Program Files\Slay\unins000.exe"
Snood for Windows version 3.52-W --> "C:\Program Files\Snood\unins000.exe"
Sudoku Dragon --> C:\Program Files\Silurian\Sudoku\setup.exe -R
Tunebite --> MsiExec.exe /I{0657913A-18BA-414B-A84D-0302BA3A44AD}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type7008 / Warning
Event Submitted/Written: 06/17/2008 02:54:55 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}', feature 'NatSpeak' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type7007 / Warning
Event Submitted/Written: 06/17/2008 02:54:55 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}', feature 'NatSpeak', component '{9B54FA74-C216-41D2-9BF5-58162F7BD668}' failed. The resource 'C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe' does not exist.

Event Record #/Type7004 / Warning
Event Submitted/Written: 06/17/2008 02:54:51 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}', feature 'NatSpeak' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'

Event Record #/Type7003 / Warning
Event Submitted/Written: 06/17/2008 02:54:51 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}', feature 'NatSpeak', component '{9B54FA74-C216-41D2-9BF5-58162F7BD668}' failed. The resource 'C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe' does not exist.

Event Record #/Type6999 / Warning
Event Submitted/Written: 06/17/2008 02:54:35 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}', feature 'NatSpeak' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3713 / Warning
Event Submitted/Written: 06/17/2008 02:54:51 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BERLIN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BERLIN27 can't undo changes that you allow.

For more information please see the following:
%BERLIN275

Scan ID: {0521145F-435D-4D4A-83C1-0E48F70E6584}

User: BERLIN\Mark Heinemann

Name: %BERLIN271

ID: %BERLIN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BERLIN276

Alert Type: %BERLIN278

Detection Type: 1.1.1593.02

Event Record #/Type3712 / Warning
Event Submitted/Written: 06/17/2008 02:54:51 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BERLIN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BERLIN27 can't undo changes that you allow.

For more information please see the following:
%BERLIN275

Scan ID: {A35B629D-E347-4BCA-999C-629AE0C61ADB}

User: BERLIN\Mark Heinemann

Name: %BERLIN271

ID: %BERLIN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BERLIN276

Alert Type: %BERLIN278

Detection Type: 1.1.1593.02

Event Record #/Type3711 / Warning
Event Submitted/Written: 06/17/2008 02:54:51 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BERLIN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BERLIN27 can't undo changes that you allow.

For more information please see the following:
%BERLIN275

Scan ID: {E973237D-8F94-4029-9DA1-D0E007FD6947}

User: BERLIN\Mark Heinemann

Name: %BERLIN271

ID: %BERLIN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BERLIN276

Alert Type: %BERLIN278

Detection Type: 1.1.1593.02

Event Record #/Type3708 / Warning
Event Submitted/Written: 06/17/2008 02:54:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BERLIN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BERLIN27 can't undo changes that you allow.

For more information please see the following:
%BERLIN275

Scan ID: {C4C4A414-36F1-451E-B6DB-7A7BF5D42B55}

User: BERLIN\Mark Heinemann

Name: %BERLIN271

ID: %BERLIN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BERLIN276

Alert Type: %BERLIN278

Detection Type: 1.1.1593.02

Event Record #/Type3707 / Warning
Event Submitted/Written: 06/17/2008 02:54:48 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%BERLIN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %BERLIN27 can't undo changes that you allow.

For more information please see the following:
%BERLIN275

Scan ID: {FF72B2DD-75B7-4043-A6A3-8864F2DE0CF2}

User: BERLIN\Mark Heinemann

Name: %BERLIN271

ID: %BERLIN272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %BERLIN276

Alert Type: %BERLIN278

Detection Type: 1.1.1593.02



-- End of Deckard's System Scanner: finished at 2008-06-17 14:55:14 ------------


#2 RenatoMejias


  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 10 July 2008 - 09:29 PM

Hello


Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using it.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run, as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in Portuguese

#3 RenatoMejias


  • Malware Response Team
  • 913 posts
  • Gender:Male

Posted 16 July 2008 - 09:22 PM

Due to lack of feedback, this topic is closed.

If you still need help, send a PM to the moderating team to request that it be reopened.

This applies to the original thread starter only; everyone else should start a new topic.
Renato Victor Mejias
Malware help in Portuguese
