Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Malware Removal Help Request


  • Please log in to reply
3 replies to this topic

#1 SconnieDan

SconnieDan

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 26 June 2008 - 08:23 PM

I have been having some trouble...here are my Hijackthis logs

Deckard's System Scanner v20071014.68
Run by UW2KSR5 on 2008-06-26 18:12:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 4 Restore Point(s) --
4: 2008-06-27 01:12:27 UTC - RP4 - Deckard's System Scanner Restore Point
3: 2008-06-26 19:51:44 UTC - RP3 - System Checkpoint
2: 2008-06-24 23:17:45 UTC - RP2 - System Checkpoint
1: 2008-06-23 21:04:28 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as UW2KSR5.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:25 PM, on 06/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\marimba\tuner\Tuner.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliADSIComm.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOChangeLogSvcu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\LaunchU3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Uw2ksr5\Desktop\dss.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\UW2KSR5.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carenet.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: OutStart Knowledge - {1D979D49-A82E-46B6-9365-7E167D2A0D06} - C:\Program Files\OutStart\Knowledge Plug-ins\ekmExplorerPlugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe /p
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AT&T Global Network Client Monitor.lnk = C:\Program Files\AT&T Global Network Client\NetGM.exe
O4 - Global Startup: DLO Agent.lnk = C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOClientu.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187048919645
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187048903422
O16 - DPF: {80922B68-D8DE-11D5-8D10-0050DAD09327} (Batch Processing Control) - https://research.thomsonone.com/plugins/BatchPrint.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase71/OrgPubX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = caremarkrx.net
O17 - HKLM\Software\..\Telephony: DomainName = caremarkrx.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = caremarkrx.net
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MarimbaEndPoint - Marimba, Inc. - C:\program files\marimba\tuner\Tuner.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VERITAS NetBackup DLO Agent Change Journal Reader (VRTSChangeJournalReader) - VERITAS Software Corporation - C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOChangeLogSvcu.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11864 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 EAFSPROT - c:\windows\system32\drivers\eafsprot.sys <Not Verified; GuardianEdge Technologies, Inc.; GuardianEdge Hard Disk Encryption>
R0 EPHDXLAT (PC Guardian Encryption Filter) - c:\windows\system32\drivers\ephdxlat.sys <Not Verified; GuardianEdge Technologies, Inc.; Encryption Plus Hard Disk>
R0 FirePM (McAfee HIP Component FirePM) - c:\windows\system32\drivers\firepm.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
R1 FireHook (McAfee HIP Component FireHook) - c:\windows\system32\drivers\firehk5x.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
R1 FireTDI (McAfee HIP Component FireTDI) - c:\windows\system32\drivers\firetdi.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 firelm01 - c:\windows\system32\drivers\firelm01.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
R3 hidsys - c:\windows\system32\drivers\hidsys.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>

S3 aeaudio - c:\windows\system32\drivers\aeaudio.sys (file missing)
S3 smwdm - c:\windows\system32\drivers\smwdm.sys (file missing)
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Diskeeper - "c:\program files\executive software\diskeeper\dkservice.exe" <Not Verified; Executive Software International, Inc.; Diskeeper ™ Disk Defragmenter>
R2 DWMRCS (DameWare Mini Remote Control) - c:\windows\system32\dwrcs.exe -service <Not Verified; DameWare Development LLC; DameWare Development DWRCS>
R2 EAFRCliManager - "c:\program files\encryption anywhere\encryption anywhere clients\eafrclimanager.exe" <Not Verified; GuardianEdge Technologies, Inc.; Encryption Anywhere Framework>
R2 enterceptAgent (McAfee Host Intrusion Prevention Service) - "c:\program files\mcafee\host intrusion prevention\firesvc.exe" <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
R2 MarimbaEndPoint - c:\program files\marimba\tuner\tuner.exe <Not Verified; Marimba, Inc.; Marimba Tuner>
R2 NetCfgSvr (Network Configuration Service) - c:\progra~1\at&tgl~1\netcfgsv.exe <Not Verified; AT&T; NetCfgSvr Module>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 TPAutoConnSvc (TP AutoConnect Service) - "c:\program files\vmware\vmware tools\tpautoconnsvc.exe" <Not Verified; ThinPrint GmbH; TPAutoConnect>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-06-26 17:47:53 1046 --a------ C:\WINDOWS\Tasks\HF_BOOT_TASK_JOB (Install_tasks.xml).job
2008-04-30 09:47:34 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-05-26 and 2008-06-26 -----------------------------

2008-06-26 18:15:58 0 d-------- C:\Program Files\Trend Micro
2008-06-26 09:05:54 188416 --a------ C:\WINDOWS\system32\KevlarSigs.dll <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-06-26 09:05:54 34317 --a------ C:\WINDOWS\system32\kevlar_api_hook_list.dat
2008-06-26 09:05:54 53248 --a------ C:\WINDOWS\system32\hidapistub.dll <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-06-26 09:05:54 176128 --a------ C:\WINDOWS\system32\hidapi.dll <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-06-26 09:05:43 181760 --a------ C:\WINDOWS\system32\drivers\HidSys.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-06-25 16:45:46 0 dr-h----- C:\Documents and Settings\Uw2ksr5\Recent
2008-06-23 13:16:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 11:33:11 0 d-------- C:\Program Files\Lavasoft
2008-06-23 11:33:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 11:31:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 09:49:19 0 d-------- C:\Program Files\Encryption Anywhere
2008-06-19 11:13:13 0 d-------- C:\Documents and Settings\Uw2ksr5\Application Data\lbviewer


-- Find3M Report ---------------------------------------------------------------

2008-06-26 17:48:14 3 --a------ C:\WINDOWS\system32\SysCalls.dat
2008-06-23 11:31:33 0 d-------- C:\Program Files\Common Files
2008-06-02 16:33:37 38335 --a------ C:\Documents and Settings\Uw2ksr5\Application Data\Microsoft Excel.ADR
2008-05-23 09:09:31 0 d-------- C:\Program Files\Citrix
2008-05-21 09:10:44 0 d-------- C:\Program Files\OutStart
2008-05-20 15:58:15 0 d-------- C:\Documents and Settings\Uw2ksr5\Application Data\CVS
2008-04-30 09:47:27 0 d-------- C:\Program Files\Apple Software Update


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}]
03/10/2008 03:58 PM 282636 --a------ C:\Program Files\eSoftware\studio.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [03/27/2007 03:06 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"%%DELETE_VALUE%%"="CreateCD50" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"@"="" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/27/2008 11:12 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/2002 01:14 PM]
"EAFRCliStart"="C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe" [07/24/2007 01:35 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/18/2008 09:25 AM]

C:\Documents and Settings\Uw2ksr5\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - C:\Documents and Settings\Uw2ksr5\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [09/17/2007 8:46:28 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
AT&T Global Network Client Monitor.lnk - C:\Program Files\AT&T Global Network Client\NetGM.exe [08/20/2007 12:51:00 PM]
DLO Agent.lnk - C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOClientu.exe [04/01/2004 3:41:32 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/12/2007 9:48:03 AM]
McAfee Host Intrusion Prevention Tray.lnk - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [08/20/2007 12:51:28 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [03/12/2006 4:37:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)
"LogonType"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=bkgrnd.bmp
"WallpaperStyle"=0
"NoVisualStyleChoice"=1 (0x1)
"NoSizeChoice"=1 (0x1)
"NoColorChoice"=1 (0x1)
"SetVisualStyle"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"=1 (0x1)
"NoSimpleStartMenu"=1 (0x1)
"Intellimenus"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=0 (0x0)
"ForceClassicControlPanel"=1 (0x1)
"NoThemesTab"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 05/23/2008 09:09 AM 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll 05/01/2007 07:21 PM 364544 C:\WINDOWS\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4258776639-1271169360-244890835-129011\Scripts\Logon\0\0]
"Script"=pmsg_phx_faststart.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ae0049-5d56-11dc-b8b4-001c23084732}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd36e81-9128-11dc-b8fc-001c23084732}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1e77690-8fc1-11dc-b8fa-001c23084732}]
AutoRun\command- E:\LaunchU3.exe

*Newly Created Service* - HIDSYS



-- End of Deckard's System Scanner: finished at 2008-06-26 18:18:05 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5600 @ 1.83GHz
CPU 1: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 49%
Physical Memory (total/avail): 1014.02 MiB / 513.22 MiB
Pagefile Memory (total/avail): 2441.02 MiB / 2004.56 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1925.06 MiB

C: is Fixed (NTFS) - 37.25 GiB total, 12.99 GiB free.
D: is CDROM (No Media)
L: is Network (Unformatted)
M: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - ST940814AS - 37.26 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.25 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: McAfee Host Intrusion Prevention Firewall v6.1.0 (McAfee, Inc.) Disabled
AV: VirusScan Enterprise + AntiSpyware Enterprise v8.5.0.781 (McAfee, Inc.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Uw2ksr5\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LPC1R96DD1
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Uw2ksr5
HOMESHARE=\\azshhdp01n\home
LOGONSERVER=\\AZSHDCP03
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Common Files\Adaptec Shared\System\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Uw2ksr5\LOCALS~1\Temp
TMP=C:\DOCUME~1\Uw2ksr5\LOCALS~1\Temp
USERDNSDOMAIN=CAREMARKRX.NET
USERDOMAIN=CAREMARKRX
USERNAME=UW2KSR5
USERPROFILE=C:\Documents and Settings\Uw2ksr5
VSEDEFLOGDIR=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

ua3i2k6 (new local, admin, net ready)
Uw2ksr5 (admin)
SysAdmin (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8 Professional - English, Franšais, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AT&T Global Network Client --> C:\Program Files\AT&T Global Network Client\NetUN.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Canon MP160 --> "C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Caremark True Type Font --> MsiExec.exe /I{1F1E7A82-CAD6-43C9-8C01-5CE600AFC6A8}
Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{C49067A8-8212-4A82-A4D9-1519701644F0}
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Diskeeper Professional Edition --> MsiExec.exe /X{76EF79CA-A6A8-41C4-AE49-E49BA075FA51}
Easy CD Creator 5 Basic --> MsiExec.exe /I{1CA9DB68-9BB6-4211-B83F-CC0781BD9292}
Encryption Anywhere Framework Client --> MsiExec.exe /X{7EDD1CCA-F75D-4DB2-A958-B2E83C840EAF}
Encryption Anywhere Hard Disk Client --> MsiExec.exe /X{EC901028-585B-4277-9FCD-2B3272C290EA}
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GoToAssist 8.0.0.508 --> C:\Program Files\Citrix\GoToAssist\508\G2AUninstaller.exe /uninstall
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Drive Key Boot Utility --> C:\Program Files\Compaq\hpdkbu\hpuninst.exe
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java DB 10.3.1.4 --> MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java™ 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java™ SE Development Kit 6 Update 4 --> MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160040}
Join (Merge, Combine) Multiple (or Two) HTML Files Into One Sof --> "C:\Program Files\Join (Merge, Combine) Multiple (or Two) HTML Files Into One Software\unins000.exe"
LEGATO EmailXtender Shortcut Addin 4.70 --> MsiExec.exe /X{BEF5B614-5652-49B5-90A0-7F47DABA0E9F}
MarimbaEndPoint --> MsiExec.exe /X{AB41E89C-1863-42D6-8C2E-1D40E643ECBA}
McAfee AntiSpyware Enterprise Module --> "C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee Host Intrusion Prevention --> "C:\Program Files\McAfee\Host Intrusion Prevention\HipManage.exe" -rm -confirm -removeonly
McAfee VirusScan Enterprise --> MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{90CC4231-94AC-45CD-991A-0253BFAC0650}
MetaFrame Presentation Server Web Client for Win32 --> C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{52FA9120-46E5-47DB-B957-81C9CC9BF886}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
OutStart Knowledge Plug-ins --> MsiExec.exe /I{F6AB1F7B-C520-4BD8-B5E2-D6641111020F}
OZ776 SCR CardBus Windows Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
Prospect Finder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC9A36F9-3D80-11D5-8736-000476324DEA}\setup.exe" -l0x9 -uninst
QDA Miner 3.0 --> C:\PROGRA~1\PROVAL~1\Data\UNWISE.EXE C:\PROGRA~1\PROVAL~1\Data\QDAMiner.LOG
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RDF - Gravity 1.0 --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://semweb.salzburgresearch.at/apps/rdf-gravity/jws/rdf-gravity.jnlp"
RTFEDIT 3.0 ActiveX --> C:\WINDOWS\ST5UNST.EXE -n "C:\WINDOWS\system32\ST5UNST.LOG"
Sametime Client v3.1 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Lotus\Sametime Client\STCUnins.isu"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook --> MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
VERITAS NetBackup DLO Agent --> MsiExec.exe /I{77C30D9A-E7FA-44D0-BB83-DBB8541E196C}
VMware Tools --> MsiExec.exe /I{3B410500-1802-488E-9EF1-4B11992E0440}
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Word Frequency Count In Multiple Text & HTML Files Software 7.0 --> "C:\Program Files\Word Frequency Count In Multiple Text & HTML Files Software\unins000.exe"
WordStat v5.1 --> C:\PROGRA~1\PROVAL~1\UNWISE.EXE C:\PROGRA~1\PROVAL~1\WORDSTAT5.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type30346 / Error
Event Submitted/Written: 06/26/2008 05:55:17 PM
Event ID/Source: 4126 / Ci
Event Description:
Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will
be automatically restored by refiltering all documents.

Event Record #/Type30345 / Error
Event Submitted/Written: 06/26/2008 05:55:17 PM
Event ID/Source: 4124 / Ci
Event Description:
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Event Record #/Type30344 / Warning
Event Submitted/Written: 06/26/2008 05:55:17 PM
Event ID/Source: 4132 / Ci
Event Description:
1 inconsistencies were detected in PropertyStore during recovery of catalog c:\system volume information\catalog.wci.

Event Record #/Type30339 / Error
Event Submitted/Written: 06/26/2008 05:48:30 PM
Event ID/Source: 1000 / UserInit
Event Description:
Could not execute the following script pmsg_phx_faststart.bat. The system cannot find the file specified.
.

Event Record #/Type30338 / Error
Event Submitted/Written: 06/26/2008 05:48:21 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type14049 / Error
Event Submitted/Written: 06/26/2008 06:03:05 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Event Record #/Type14048 / Warning
Event Submitted/Written: 06/26/2008 06:03:05 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.

Event Record #/Type14028 / Error
Event Submitted/Written: 06/26/2008 05:49:07 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the VMware Tools Service service to connect.

Event Record #/Type14027 / Warning
Event Submitted/Written: 06/26/2008 05:49:05 PM
Event ID/Source: 8193 / LSASRV
Event Description:
The Security System could not establish a secured connection with the server DNS/azshextsec01.pcshs.com. No authentication protocol was available.

Event Record #/Type14026 / Warning
Event Submitted/Written: 06/26/2008 05:49:05 PM
Event ID/Source: 8192 / LSASRV
Event Description:
The Security System detected an attempted downgrade attack for
server DNS/azshextsec01.pcshs.com. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".



-- End of Deckard's System Scanner: finished at 2008-06-26 18:18:05 ------------

BC AdBot (Login to Remove)

 


#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 20 July 2008 - 03:35 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new HijackThis log, along with a description of any problems you are experiencing. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Thank you for your patience.

#3 SconnieDan

SconnieDan
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:57 PM

Posted 21 July 2008 - 08:49 PM

I have been having trouble with frequent popups and beeping banner ads.
thanks


Deckard's System Scanner v20071014.68
Run by Uw2ksr5 on 2008-07-21 18:43:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Uw2ksr5.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:44:16 PM, on 07/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\program files\marimba\tuner\Tuner.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliADSIComm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOChangeLogSvcu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\LaunchU3.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Uw2ksr5\Desktop\dss.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Uw2ksr5.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.carenet.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: IE - {D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E} - C:\Program Files\eSoftware\studio.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: OutStart Knowledge - {1D979D49-A82E-46B6-9365-7E167D2A0D06} - C:\Program Files\OutStart\Knowledge Plug-ins\ekmExplorerPlugin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [EAFRCliStart] C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe /p
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sametime Connect] "C:\Program Files\Lotus\Sametime Client\Connect.exe"
O4 - Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AT&T Global Network Client Monitor.lnk = C:\Program Files\AT&T Global Network Client\NetGM.exe
O4 - Global Startup: DLO Agent.lnk = C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOClientu.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: McAfee Host Intrusion Prevention Tray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187048919645
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187048903422
O16 - DPF: {80922B68-D8DE-11D5-8D10-0050DAD09327} (Batch Processing Control) - https://research.thomsonone.com/plugins/BatchPrint.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase71/OrgPubX.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = caremarkrx.net
O17 - HKLM\Software\..\Telephony: DomainName = caremarkrx.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = caremarkrx.net
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: TPSvc - C:\WINDOWS\SYSTEM32\TPSvc.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: EAFRCliManager - GuardianEdge Technologies, Inc. - C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliManager.exe
O23 - Service: McAfee Host Intrusion Prevention Service (enterceptAgent) - McAfee, Inc. - C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MarimbaEndPoint - Marimba, Inc. - C:\program files\marimba\tuner\Tuner.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TP AutoConnect Service (TPAutoConnSvc) - ThinPrint GmbH - C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VERITAS NetBackup DLO Agent Change Journal Reader (VRTSChangeJournalReader) - VERITAS Software Corporation - C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOChangeLogSvcu.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12164 bytes

-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2008-07-21 16:50:30 192512 --a------ C:\WINDOWS\system32\KevlarSigs.dll <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-07-21 16:50:30 34327 --a------ C:\WINDOWS\system32\kevlar_api_hook_list.dat
2008-07-21 16:50:30 53248 --a------ C:\WINDOWS\system32\hidapistub.dll <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-07-21 16:50:30 176128 --a------ C:\WINDOWS\system32\hidapi.dll <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-07-21 16:50:19 181760 --a------ C:\WINDOWS\system32\drivers\HidSys.sys <Not Verified; McAfee, Inc.; McAfee Host Intrusion Prevention>
2008-07-21 16:47:48 0 dr-h----- C:\Documents and Settings\Uw2ksr5\Recent
2008-07-08 16:18:22 0 d-------- C:\Program Files\Iomega
2008-06-26 18:15:58 0 d-------- C:\Program Files\Trend Micro
2008-06-23 13:16:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-23 11:33:11 0 d-------- C:\Program Files\Lavasoft
2008-06-23 11:33:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-23 11:31:33 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-23 09:49:19 0 d-------- C:\Program Files\Encryption Anywhere


-- Find3M Report ---------------------------------------------------------------

2008-07-21 16:50:32 3 --a------ C:\WINDOWS\system32\SysCalls.dat
2008-07-08 11:02:44 0 d-------- C:\Program Files\QuickTime
2008-06-23 11:31:33 0 d-------- C:\Program Files\Common Files
2008-06-19 11:13:13 0 d-------- C:\Documents and Settings\Uw2ksr5\Application Data\lbviewer
2008-06-02 16:33:37 38335 --a------ C:\Documents and Settings\Uw2ksr5\Application Data\Microsoft Excel.ADR
2008-05-23 09:09:31 0 d-------- C:\Program Files\Citrix
2008-05-21 09:10:44 0 d-------- C:\Program Files\OutStart


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D83A7B12-A4D4-4984-8F72-D41C6B4C1E6E}]
03/10/2008 03:58 PM 282636 --a------ C:\Program Files\eSoftware\studio.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [03/27/2007 03:06 PM]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [02/22/2007 08:50 PM]
"SigmatelSysTrayApp"="stsystra.exe" [03/24/2006 05:30 PM C:\WINDOWS\stsystra.exe]
"%%DELETE_VALUE%%"="CreateCD50" []
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [10/22/2006 11:24 PM]
"@"="" []
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [02/27/2008 11:12 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"CreateCD50"="C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [12/17/2002 01:14 PM]
"EAFRCliStart"="C:\Program Files\Encryption Anywhere\Encryption Anywhere Clients\EAFRCliStart.exe" [07/24/2007 01:35 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [07/26/2005 05:52 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/18/2008 09:25 AM]
"Sametime Connect"="C:\Program Files\Lotus\Sametime Client\Connect.exe" [06/28/2003 08:13 PM]

C:\Documents and Settings\Uw2ksr5\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - C:\Documents and Settings\Uw2ksr5\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [09/17/2007 8:46:28 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [10/23/2006 12:01:50 AM]
AT&T Global Network Client Monitor.lnk - C:\Program Files\AT&T Global Network Client\NetGM.exe [08/20/2007 12:51:00 PM]
DLO Agent.lnk - C:\Program Files\VERITAS\NetBackup\NT\DLO\DLOClientu.exe [04/01/2004 3:41:32 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/12/2007 9:48:03 AM]
McAfee Host Intrusion Prevention Tray.lnk - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [08/20/2007 12:51:28 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [03/12/2006 4:37:04 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunLogonScriptSync"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)
"LogonType"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"Wallpaper"=bkgrnd.bmp
"WallpaperStyle"=0
"NoVisualStyleChoice"=1 (0x1)
"NoSizeChoice"=1 (0x1)
"NoColorChoice"=1 (0x1)
"SetVisualStyle"=

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"=1 (0x1)
"NoSimpleStartMenu"=1 (0x1)
"Intellimenus"=1 (0x1)
"ClearRecentDocsOnExit"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoActiveDesktop"=1 (0x1)
"NoActiveDesktopChanges"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoThemesTab"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 05/23/2008 09:09 AM 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll 05/01/2007 07:21 PM 364544 C:\WINDOWS\system32\TPSvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4258776639-1271169360-244890835-129011\Scripts\Logon\0\0]
"Script"=pmsg_phx_faststart.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73ae0049-5d56-11dc-b8b4-001c23084732}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7dd36e81-9128-11dc-b8fc-001c23084732}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1e77690-8fc1-11dc-b8fa-001c23084732}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-21 18:45:29 ------------

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:57 AM

Posted 22 July 2008 - 06:12 AM

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users