Hello Rorschach. Followed the insturctions. After the scan in safe mode, I clicked to reboot, and the fixtool ran again. It flashed up that it was doing a Catchme scan and may take 5 minutes. After 20 nothing had changed so I closed the window. On my desktop was a log file called catchme. I have copied the contents below. After that follows main.txt and extra.txt
Thank you
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-04-03 12:04:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060ac77a6]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060ac77a6]
scanning hidden registry entries ...
scanning hidden files ...
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1618433.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r16391033.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r17511025.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r17511026.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r17531371.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1647891.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1650470.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1801419.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1803670.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1804248.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1804451.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1952782.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1954142.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r1623738.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r1623754.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r1623755.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r18101039.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r18511732.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r1852748.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1917511.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1918042.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r1919167.LOG 92 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r19451540.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r1945867.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r19591285.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r21071690.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r21071738.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r21271080.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r21271097.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r2128911.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r22061437.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r22071016.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r22081298.LOG 292 bytes
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r23001015.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r23001016.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\_r23021845.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r2019347.LOG
C:\Program Files\Trend Micro\Client Server Security Agent\HLog\r2022817.LOG 92 bytes
Deckard's System Scanner v20071014.68
Run by cfgeca on 2008-04-03 12:32:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
42: 2008-04-03 11:32:54 UTC - RP436 - Deckard's System Scanner Restore Point
41: 2008-04-02 12:57:39 UTC - RP435 - System Checkpoint
40: 2008-04-01 12:25:50 UTC - RP434 - Deckard's System Scanner Restore Point
39: 2008-03-31 11:29:03 UTC - RP433 - System Checkpoint
38: 2008-03-27 11:00:50 UTC - RP432 - Installed Ad-Aware 2007
-- First Restore Point --
1: 2008-01-07 13:41:09 UTC - RP395 - System Checkpoint
Performed disk cleanup.
Percentage of Memory in Use: 91% (more than 75%).Total Physical Memory: 504 MiB (512 MiB recommended).-- HijackThis (run as cfgeca.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:34:58, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\ZyXEL\ZyWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ZyXEL\ZyWALL VPN Client\IPSecMon.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\DJ5FE6.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ZyXEL\ZyWALL VPN Client\SafeCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\cfgeca\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cfgeca.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dell.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.uk/R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dell.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {7f25213e-83b4-0e8b-47e4-5589e488ab71} - {17ba884e-9855-4e74-b8e0-4b38e31252f7} - C:\WINDOWS\system32\gmrrtxrj.dll
O2 - BHO: (no name) - {220A45A7-10F0-4732-A847-007B23FA957D} - C:\WINDOWS\system32\mlJCUMGA.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {94BC3D1D-22E9-4744-8ED1-3E08A3B74078} - C:\WINDOWS\system32\ssqQJCrp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [a8dc03c1] rundll32.exe "C:\WINDOWS\system32\kmyrgsrt.dll",b
O4 - HKLM\..\Run: [BMabef305d] Rundll32.exe "C:\WINDOWS\system32\tsvyahxb.dll",s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: ZyWALL VPN Client.lnk = C:\Program Files\ZyXEL\ZyWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.t...ivex/hcImpl.cabO16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) -
https://cfgmsbserver...emote/msrdp.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GMCF.local
O17 - HKLM\Software\..\Telephony: DomainName = GMCF.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GMCF.local
O20 - Winlogon Notify: ssqQJCrp - C:\WINDOWS\SYSTEM32\ssqQJCrp.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ZyXEL\ZyWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\ZyXEL\ZyWALL VPN Client\IreIKE.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 9832 bytes
-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------
backup-20080402-143029-837 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080402-143029-920 O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
backup-20080402-143030-182 O4 - HKLM\..\Run: [ryhkncpq] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\ryhkncpq.dll"
backup-20080402-143030-279 O4 - HKLM\..\Run: [opongjel] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\opongjel.dll"
backup-20080402-143030-381 O4 - HKLM\..\Run: [a8dc03c1] rundll32.exe "C:\WINDOWS\system32\ofsymwnl.dll",b
backup-20080402-143030-883 O4 - HKLM\..\Run: [adgjofcr] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\adgjofcr.dll"
backup-20080402-143030-915 O4 - HKLM\..\Run: [zopajkti] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\zopajkti.dll"
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 Crypto - c:\windows\system32\drivers\crypto.sys <Not Verified; SafeNet; SafeNet CSP>
R2 IPSECDRV (SafeNet IPSec Plugin) - c:\windows\system32\drivers\ipsecdrv.sys <Not Verified; SafeNet; SafeNet VPN Client>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\client server security agent\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R3 catchme - c:\docume~1\cfgeca\locals~1\temp\catchme.sys (file missing)
S3 SE27mgmt (Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)) - c:\windows\system32\drivers\se27mgmt.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC Device Management>
S3 se27nd5 (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)) - c:\windows\system32\drivers\se27nd5.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
S3 SE27obex (Sony Ericsson Device 039 USB WMC OBEX Interface) - c:\windows\system32\drivers\se27obex.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB WMC OBEX Interface>
S3 se27unic (Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)) - c:\windows\system32\drivers\se27unic.sys <Not Verified; MCCI; Sony Ericsson Device 039 USB Ethernet Emulation>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service>
R2 IPSECMON (SafeNet Monitor Service) - "c:\program files\zyxel\zywall vpn client\ipsecmon.exe" <Not Verified; SafeNet; SafeNet VPN Client>
R2 IREIKE (SafeNet IKE Service) - "c:\program files\zyxel\zywall vpn client\ireike.exe" <Not Verified; SafeNet; SafeNet VPN Client>
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\program files\trend micro\client server security agent\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel® Corporation
Name: Intel® PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Service: w29n51
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: ROOT\NET\0000
Manufacturer: WIDCOMM, Inc.
Name: Bluetooth LAN Access Server Driver
PNP Device ID: ROOT\NET\0000
Service: BTWDNDIS
-- Process Modules -------------------------------------------------------------
C:\WINDOWS\system32\winlogon.exe (pid 928)
2004-09-07 16:08:06 110592 --a------ C:\Program Files\Intel\Wireless\Bin\LgNotify.dll <Not Verified; Intel Corporation; LogonNotify Dynamic Link Library>
2008-04-01 09:32:35 40448 --a------ C:\WINDOWS\system32\ssqQJCrp.dll
C:\WINDOWS\explorer.exe (pid 2100)
2008-04-01 12:37:55 268288 --a------ C:\WINDOWS\system32\mlJCUMGA.dll
2008-04-01 09:32:35 40448 --a------ C:\WINDOWS\system32\ssqQJCrp.dll
-- :: 0 --------- C:\DOCUME~1\cfgeca\LOCALS~1\Temp\catchme.dll
2008-04-03 10:01:16 88640 --a------ C:\WINDOWS\system32\tsvyahxb.dll
2008-04-03 10:08:43 86592 --a------ C:\WINDOWS\system32\kmyrgsrt.dll
2004-08-16 19:53:04 53248 --a------ C:\Program Files\Sitecom\Bluetooth Software\BTKeyInd.dll
2004-12-23 15:47:36 69632 --a------ C:\Program Files\Dell\QuickSet\dadkeyb.dll
C:\WINDOWS\system32\rundll32.exe (pid 888)
2008-04-03 10:01:16 88640 --a------ C:\WINDOWS\system32\tsvyahxb.dll
C:\WINDOWS\system32\rundll32.exe (pid 2516)
2008-04-03 10:08:43 86592 --a------ C:\WINDOWS\system32\kmyrgsrt.dll
2008-04-03 10:01:16 88640 --a------ C:\WINDOWS\system32\tsvyahxb.dll
-- Files created between 2008-03-03 and 2008-04-03 -----------------------------
2008-04-03 11:50:08 0 d-------- C:\WINDOWS\ERUNT
2008-04-03 10:08:43 86592 --a------ C:\WINDOWS\system32\kmyrgsrt.dll
2008-04-03 10:05:56 89152 --a------ C:\WINDOWS\system32\gmrrtxrj.dll
2008-04-03 10:01:13 88640 --a------ C:\WINDOWS\system32\tsvyahxb.dll
2008-04-02 14:33:24 3860 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-02 14:32:23 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-02 14:32:23 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-02 14:32:23 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-02 14:32:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-02 14:32:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified;
http://www.beyondlogic.org; Command Line Process Utility>
2008-04-02 14:32:23 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-02 14:21:55 0 d--h----- C:\Documents and Settings\administrator.GMCF\Templates
2008-04-02 14:21:55 0 dr------- C:\Documents and Settings\administrator.GMCF\Start Menu
2008-04-02 14:21:55 0 dr-h----- C:\Documents and Settings\administrator.GMCF\SendTo
2008-04-02 14:21:55 0 dr-h----- C:\Documents and Settings\administrator.GMCF\Recent
2008-04-02 14:21:55 0 d--h----- C:\Documents and Settings\administrator.GMCF\PrintHood
2008-04-02 14:21:55 0 d--h----- C:\Documents and Settings\administrator.GMCF\NetHood
2008-04-02 14:21:55 0 dr------- C:\Documents and Settings\administrator.GMCF\My Documents
2008-04-02 14:21:55 0 d--h----- C:\Documents and Settings\administrator.GMCF\Local Settings
2008-04-02 14:21:55 0 dr------- C:\Documents and Settings\administrator.GMCF\Favorites
2008-04-02 14:21:55 0 d-------- C:\Documents and Settings\administrator.GMCF\Desktop
2008-04-02 14:21:55 0 d---s---- C:\Documents and Settings\administrator.GMCF\Cookies
2008-04-02 14:21:55 0 dr-h----- C:\Documents and Settings\administrator.GMCF\Application Data
2008-04-02 14:21:55 0 d-------- C:\Documents and Settings\administrator.GMCF\Application Data\Sun
2008-04-02 14:21:55 0 d-------- C:\Documents and Settings\administrator.GMCF\Application Data\Sonic
2008-04-02 14:21:55 0 d---s---- C:\Documents and Settings\administrator.GMCF\Application Data\Microsoft
2008-04-02 14:21:55 0 d-------- C:\Documents and Settings\administrator.GMCF\Application Data\Intel
2008-04-02 14:21:55 0 d-------- C:\Documents and Settings\administrator.GMCF\Application Data\Identities
2008-04-02 14:21:54 786432 --ah----- C:\Documents and Settings\administrator.GMCF\NTUSER.DAT
2008-04-02 09:45:54 90688 --a------ C:\WINDOWS\system32\ovmlqwsh.dll
2008-04-02 09:43:39 85568 --a------ C:\WINDOWS\system32\ofsymwnl.dll
2008-04-02 09:34:08 88128 --a------ C:\WINDOWS\system32\mbqkgfsb.dll
2008-04-01 12:37:58 239976 --ahs---- C:\WINDOWS\system32\AGMUCJlm.ini2
2008-04-01 12:37:52 268288 --a------ C:\WINDOWS\system32\mlJCUMGA.dll
2008-04-01 09:34:18 118784 --a------ C:\Documents and Settings\All Users\Application Data\ryhkncpq.dll
2008-04-01 09:34:09 118784 --a------ C:\WINDOWS\system32\slwslbpz.dll
2008-04-01 09:32:35 40448 --a------ C:\WINDOWS\system32\ssqQJCrp.dll
2008-03-28 10:43:22 98304 --a------ C:\Documents and Settings\All Users\Application Data\zopajkti.dll
2008-03-28 10:43:21 98304 --a------ C:\WINDOWS\system32\mvgnbhyx.dll
2008-03-27 17:18:06 0 d-------- C:\Program Files\PC-Cleaner
2008-03-27 14:07:03 131072 --a------ C:\Documents and Settings\All Users\Application Data\opongjel.dll
2008-03-27 14:07:02 131072 --a------ C:\WINDOWS\system32\fomefhfr.dll
2008-03-27 13:26:46 0 d-------- C:\Program Files\AvantGo Connect
2008-03-27 13:25:58 65613 --a------ C:\WINDOWS\system32\ppvexp.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-03-27 13:25:57 24652 --a------ C:\WINDOWS\system32\uicom.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2008-03-27 13:25:57 65615 --a------ C:\WINDOWS\system32\pmailext.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2008-03-27 13:25:57 57423 --a------ C:\WINDOWS\system32\MsgStRPC.dll <Not Verified; Microsoft Corporation; Microsoft Pocket Office>
2008-03-27 13:25:57 114688 --a------ C:\WINDOWS\system32\malslib.dll <Not Verified; AvantGo, Inc.; AvantGo Connect>
2008-03-27 13:25:56 77899 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-03-27 13:25:56 36942 --a------ C:\WINDOWS\system32\ppcload.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-03-27 13:25:56 24653 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2008-03-27 12:32:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-27 11:30:36 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-26 15:21:26 0 d-------- C:\Documents and Settings\cfgeca\.housecall6.6
2008-03-26 11:52:43 102400 --a------ C:\WINDOWS\system32\xmecaqxv.dll
2008-03-26 11:52:43 102400 --a------ C:\Documents and Settings\All Users\Application Data\adgjofcr.dll
2008-03-26 11:21:05 25600 --a------ C:\WINDOWS\system32\winfiz32.dll
2008-03-19 11:01:32 0 d-------- C:\Documents and Settings\cfgeca\Application Data\Datalayer
2008-03-17 12:57:48 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-17 12:57:17 0 d-------- C:\Program Files\Real
2008-03-17 12:57:12 0 d-------- C:\Program Files\Common Files\Real
2008-03-17 12:57:11 0 d-------- C:\Documents and Settings\cfgeca\Application Data\Real
2008-03-03 10:33:46 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
-- Find3M Report ---------------------------------------------------------------
2008-04-03 11:47:12 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-03-31 12:43:29 0 d-------- C:\Program Files\Trend Micro
2008-03-27 14:21:05 0 d-------- C:\Program Files\Common Files
2008-03-27 14:21:01 0 d-------- C:\Program Files\Lavasoft
2008-03-27 13:26:48 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-03-25 12:30:37 0 d-------- C:\Documents and Settings\cfgeca\Application Data\AdobeUM
2008-03-06 11:56:55 0 d-------- C:\Documents and Settings\cfgeca\Application Data\PC Suite
2008-03-06 11:38:13 0 d-------- C:\Documents and Settings\cfgeca\Application Data\Nokia
2008-03-02 13:00:15 0 d-------- C:\Program Files\Common Files\PCSuite
2008-03-02 13:00:13 0 d-------- C:\Program Files\Nokia
2008-03-02 13:00:13 0 d-------- C:\Program Files\Common Files\Nokia
2008-03-02 12:59:48 0 d-------- C:\Program Files\DIFX
2008-03-02 12:59:30 0 d-------- C:\Program Files\PC Connectivity Solution
2008-03-02 12:58:16 0 d--h----- C:\Program Files\InstallShield Installation Information
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17ba884e-9855-4e74-b8e0-4b38e31252f7}]
03/04/2008 10:05 89152 --a------ C:\WINDOWS\system32\gmrrtxrj.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{220A45A7-10F0-4732-A847-007B23FA957D}]
01/04/2008 12:37 268288 --a------ C:\WINDOWS\system32\mlJCUMGA.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}]
01/04/2008 09:32 40448 --a------ C:\WINDOWS\system32\ssqQJCrp.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [23/08/2007 11:09]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [23/08/2007 10:51]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [23/08/2007 11:16]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [23/08/2007 11:09]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [30/10/2004 14:59]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [23/08/2007 11:09]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [26/04/2004 08:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [07/01/2004 01:01]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/08/2004 05:00]
"BluetoothAuthenticationAgent"="bthprops.cpl" [04/08/2004 05:00 C:\WINDOWS\system32\bthprops.cpl]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26/10/2005 18:17]
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [06/08/2005 19:45]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [29/03/2007 08:10]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [28/11/2006 15:12]
"a8dc03c1"="C:\WINDOWS\system32\kmyrgsrt.dll" [03/04/2008 10:08]
"BMabef305d"="C:\WINDOWS\system32\tsvyahxb.dll" [03/04/2008 10:01]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [15/05/2003 01:19:50]
BTTray.lnk - C:\Program Files\Sitecom\Bluetooth Software\BTTray.exe [16/08/2004 19:52:22]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [08/08/2005 10:55:22]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [03/02/2000 01:11:00]
ZyWALL VPN Client.lnk - C:\Program Files\ZyXEL\ZyWALL VPN Client\SafeCfg.exe [14/12/2006 15:49:16]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{94BC3D1D-22E9-4744-8ED1-3E08A3B74078}"= C:\WINDOWS\system32\ssqQJCrp.dll [01/04/2008 09:32 40448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 07/09/2004 16:08 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqQJCrp]
ssqQJCrp.dll 01/04/2008 09:32 40448 C:\WINDOWS\system32\ssqQJCrp.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJCUMGA
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
-- End of Deckard's System Scanner: finished at 2008-04-03 12:41:45 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 84%
Physical Memory (total/avail): 503.36 MiB / 75.56 MiB
Pagefile Memory (total/avail): 1227.32 MiB / 793.81 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1900.34 MiB
C: is Fixed (NTFS) - 37.16 GiB total, 27.37 GiB free.
D: is CDROM (UDF)
H: is Network (NTFS)
P: is Network (NTFS)
Z: is Network (NTFS)
\\.\PHYSICALDRIVE0 - TOSHIBA MK4026GAX - 37.26 GiB - 2 partitions
\PARTITION0 - Unknown - 94.1 MiB
\PARTITION1 (bootable) - Installable File System - 37.16 GiB - C:
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
FW: Trend Micro Client-Server Security Agent Firewall v7.6.1095 (TrendFirewall)
DisabledAV: Trend Micro Client-Server Security Agent AntiVirus v7.6.1095 (TrendAntiVirus)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Utility\\Installer\\InstallationManager.exe"="D:\\Utility\\Installer\\InstallationManager.exe:*:Enabled:Xerox Windows Common Print Driver Installer"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\IreIKE.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\ViewLog.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\CmonApp.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\vpn.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\TEMP\\win19.exe"="C:\\WINDOWS\\TEMP\\win19.exe:*:Enabled:win19"
"C:\\WINDOWS\\TEMP\\win34.exe"="C:\\WINDOWS\\TEMP\\win34.exe:*:Enabled:win34"
"C:\\WINDOWS\\TEMP\\winA5.exe"="C:\\WINDOWS\\TEMP\\winA5.exe:*:Enabled:winA5"
"C:\\WINDOWS\\TEMP\\winBB.exe"="C:\\WINDOWS\\TEMP\\winBB.exe:*:Enabled:winBB"
"C:\\WINDOWS\\TEMP\\win107.exe"="C:\\WINDOWS\\TEMP\\win107.exe:*:Enabled:win107"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\IreIKE.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\IreIKE.exe:*:Enabled:IreIke"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\ViewLog.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\CmonApp.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp"
"C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\vpn.exe"="C:\\Program Files\\ZyXEL\\ZyWALL VPN Client\\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cfgeca\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PC10733
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cfgeca
LOGONSERVER=\\CFGMSBSERVER
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SBSSERVER=CFGMSBSERVER
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\cfgeca\LOCALS~1\Temp
TMP=C:\DOCUME~1\cfgeca\LOCALS~1\Temp
USERDNSDOMAIN=GMCF.LOCAL
USERDOMAIN=GMCF
USERNAME=cfgeca
USERPROFILE=C:\Documents and Settings\cfgeca
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
marienne.CFGM
administrator.CFGM
(admin)marienne
(new local, admin)locad
(admin)__sbs_netsetup__
(new local, admin)Administrator
(admin)marienne.CFGMSBS
(admin)emma
(admin)administrator.CFGMSBS
(admin)cfgeca
(admin)administrator.GMCF
(new local, admin, net ready)-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 Beta --> MsiExec.exe /X{25081482-E242-4FE3-B552-FDC8BA88C90E}
Adobe Acrobat 6.0 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Broadcom Advanced Control Suite 2 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom ASF Management Applications --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Broadcom Gigabit Integrated Controller --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Conexant D110 MDC V.9x Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft ActiveSync 3.8 --> "C:\WINDOWS\ISUNINST.EXE" -f"C:\Program Files\Microsoft ActiveSync\DeIsL1.isu" -c"C:\Program Files\Microsoft ActiveSync\ceuninst.dll"
Microsoft MapPoint Europe 2004 --> MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790240}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver --> MsiExec.exe /X{3BFFC6B8-4EC0-4240-858C-998FD4077983}
Nokia PC Suite --> MsiExec.exe /I{02091327-B124-4216-9D71-58C0E24F5392}
PC Connectivity Solution --> MsiExec.exe /I{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
Sitecom Bluetooth Software --> MsiExec.exe /X{90535871-81B9-4D99-8A13-A7EE97F2D7FE}
SmarterMail Sync for Outlook --> MsiExec.exe /X{6567F265-62EC-4BA9-9629-6B483B608854}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SyncThru --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Samsung Network Printer Utilities\SyncThru\Uninst.isu" -c"C:\Program Files\Samsung Network Printer Utilities\SyncThru\_Uninst.dll"
Trend Micro Client/Server Security Agent --> "C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"
UltraVNC v1.0.1 --> "C:\Program Files\UltraVNC\unins000.exe"
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Xerox Support Centre --> C:\Program Files\Xerox\Support Centre\supportuninstall.exe
ZyWALL VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\ZyXEL\ZyWALL VPN Client\Setup\Setup.exe" -l0x9
-- Application Event Log -------------------------------------------------------
Event Record #/Type7158 / Warning
Event Submitted/Written: 04/02/2008 02:34:00 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x8007043C
Event Record #/Type7157 / Warning
Event Submitted/Written: 04/02/2008 02:34:00 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90110409-6000-11D3-8CFE-0150048383C9}', feature 'OfficeUserData', component '{4A31E933-6F67-11D2-AAA2-00A0C90F57B0}' failed. The resource 'HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\MS Access Database\' does not exist.
Event Record #/Type7134 / Error
Event Submitted/Written: 04/01/2008 01:21:47 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.
Event Record #/Type7133 / Error
Event Submitted/Written: 04/01/2008 01:21:22 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type7126 / Error
Event Submitted/Written: 04/01/2008 01:10:02 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application OTMoveIt2.exe, version 1.0.21.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type42716 / Error
Event Submitted/Written: 04/03/2008 11:49:50 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
APPDRV
Fips
intelppm
Event Record #/Type42715 / Error
Event Submitted/Written: 04/03/2008 11:49:21 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Event Record #/Type42679 / Warning
Event Submitted/Written: 04/02/2008 03:52:25 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.
Event Record #/Type42678 / Warning
Event Submitted/Written: 04/02/2008 03:52:24 PM / 04/02/2008 03:52:25 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.
Event Record #/Type42654 / Error
Event Submitted/Written: 04/02/2008 02:36:24 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
-- End of Deckard's System Scanner: finished at 2008-04-03 12:41:45 ------------