Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 767.36 MiB / 357 MiB
Pagefile Memory (total/avail): 1876.13 MiB / 1505.69 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.48 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 44.38 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHT2060AT PL - 55.89 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:America Online 9.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Disabled:Halo"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\lo\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LUIS-Y8MUIX0IKN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\lo
LOGONSERVER=\\LUIS-Y8MUIX0IKN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Common Files\Adaptec Shared\System
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\lo\LOCALS~1\Temp
TMP=C:\DOCUME~1\lo\LOCALS~1\Temp
USERDOMAIN=LUIS-Y8MUIX0IKN
USERNAME=lo
USERPROFILE=C:\Documents and Settings\lo
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

lo [I](admin)[/I]
Administrator [I](new local, admin)[/I]

-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
 --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
 --> C:\WINDOWS\UNNMP.exe /UNINSTALL
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
America Online (Choose which version to remove) --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20030807.3) --> C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Broadcom 440x 10/100 Integrated Controller --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
C-Major Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D480 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick --> "C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Speed Monitor --> C:\Program Files\ISM\Uninstall.exe
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KWorld PVR-TV BDA Drivers --> C:\WINDOWS\emunist.exe
LEGO Racers --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers\Uninst.isu"
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Halo --> "C:\Program Files\Microsoft Games\Halo\UNINSTAL.EXE" /runtemp /addremove
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 Disc 2 --> MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional --> MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Nero Suite --> C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Media Encoder 9 Series --> msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series --> MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Zune --> MsiExec.exe /X{FE0256DB-509C-40AC-B888-2543AD4298E6}
Zune Language Pack (ES) --> MsiExec.exe /I{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /I{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}

-- Application Event Log -------------------------------------------------------

Event Record #/Type5910 / Error
Event Submitted/Written: 03/09/2008 05:22:52 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description: Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\ssttu.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type5909 / Error
Event Submitted/Written: 03/09/2008 05:22:51 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description: Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\ssttu.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type5908 / Error
Event Submitted/Written: 03/09/2008 05:22:51 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description: Security Risk Found!Risk: Trojan.Vundo in File: C:\WINDOWS\system32\ssttu.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Event Record #/Type5907 / Error
Event Submitted/Written: 03/09/2008 05:22:37 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description: Security Risk Found!Risk: Trojan.Vundo in File: C:\Documents and Settings\lo\Local Settings\Temporary Internet Files\Content.IE5\W0N5NQEI\aqua3d[1] by: Auto-Protect scan. Action: Reboot Required. Action Description: Risk was partially removed.

Event Record #/Type5906 / Error
Event Submitted/Written: 03/09/2008 05:22:29 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description: Risk Found!Risk: Trojan.Vundo in File: C:\Documents and Settings\lo\Local Settings\Temporary Internet Files\Content.IE5\W0N5NQEI\aqua3d[1] by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type19954 / Warning
Event Submitted/Written: 03/09/2008 05:35:12 PM
Event ID/Source: 3004 / WinDefend
Event Description: %LUIS-Y8MUIX0IKN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LUIS-Y8MUIX0IKN27 can't undo changes that you allow. For more information please see the following: %LUIS-Y8MUIX0IKN275
  Scan ID: {058D3100-9E7C-4A98-9D68-8AD555A435C8}
  User: LUIS-Y8MUIX0IKN\lo
  Name: %LUIS-Y8MUIX0IKN271
  ID: %LUIS-Y8MUIX0IKN272
  Severity: 1.1.1593.05
  Category: 1.1.1593.06
  Path Found: %LUIS-Y8MUIX0IKN276
  Alert Type: %LUIS-Y8MUIX0IKN278
  Detection Type: 1.1.1593.02

Event Record #/Type19953 / Warning
Event Submitted/Written: 03/09/2008 05:35:12 PM
Event ID/Source: 3004 / WinDefend
Event Description: %LUIS-Y8MUIX0IKN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LUIS-Y8MUIX0IKN27 can't undo changes that you allow. For more information please see the following: %LUIS-Y8MUIX0IKN275
  Scan ID: {8FD9796C-D6E0-4151-853D-FE7449FCDF3F}
  User: LUIS-Y8MUIX0IKN\lo
  Name: %LUIS-Y8MUIX0IKN271
  ID: %LUIS-Y8MUIX0IKN272
  Severity: 1.1.1593.05
  Category: 1.1.1593.06
  Path Found: %LUIS-Y8MUIX0IKN276
  Alert Type: %LUIS-Y8MUIX0IKN278
  Detection Type: 1.1.1593.02

Event Record #/Type19952 / Warning
Event Submitted/Written: 03/09/2008 05:35:12 PM
Event ID/Source: 3004 / WinDefend
Event Description: %LUIS-Y8MUIX0IKN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LUIS-Y8MUIX0IKN27 can't undo changes that you allow. For more information please see the following: %LUIS-Y8MUIX0IKN275
  Scan ID: {78CACA20-E556-4DBC-BCD3-66CF246A0353}
  User: LUIS-Y8MUIX0IKN\lo
  Name: %LUIS-Y8MUIX0IKN271
  ID: %LUIS-Y8MUIX0IKN272
  Severity: 1.1.1593.05
  Category: 1.1.1593.06
  Path Found: %LUIS-Y8MUIX0IKN276
  Alert Type: %LUIS-Y8MUIX0IKN278
  Detection Type: 1.1.1593.02

Event Record #/Type19951 / Warning
Event Submitted/Written: 03/09/2008 05:35:10 PM
Event ID/Source: 3004 / WinDefend
Event Description: %LUIS-Y8MUIX0IKN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LUIS-Y8MUIX0IKN27 can't undo changes that you allow. For more information please see the following: %LUIS-Y8MUIX0IKN275
  Scan ID: {339CB6EF-0724-4566-997C-D400DCE4D1EF}
  User: LUIS-Y8MUIX0IKN\lo
  Name: %LUIS-Y8MUIX0IKN271
  ID: %LUIS-Y8MUIX0IKN272
  Severity: 1.1.1593.05
  Category: 1.1.1593.06
  Path Found: %LUIS-Y8MUIX0IKN276
  Alert Type: %LUIS-Y8MUIX0IKN278
  Detection Type: 1.1.1593.02

Event Record #/Type19950 / Warning
Event Submitted/Written: 03/09/2008 05:35:10 PM
Event ID/Source: 3004 / WinDefend
Event Description: %LUIS-Y8MUIX0IKN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %LUIS-Y8MUIX0IKN27 can't undo changes that you allow. For more information please see the following: %LUIS-Y8MUIX0IKN275
  Scan ID: {3C08C067-92C2-49D8-9AC6-0508BA434E7E}
  User: LUIS-Y8MUIX0IKN\lo
  Name: %LUIS-Y8MUIX0IKN271
  ID: %LUIS-Y8MUIX0IKN272
  Severity: 1.1.1593.05
  Category: 1.1.1593.06
  Path Found: %LUIS-Y8MUIX0IKN276
  Alert Type: %LUIS-Y8MUIX0IKN278
  Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-03-09 17:36:27 ------------