Author Topic: Firewall issues  (Read 2075 times)

Offline Heather

Firewall issues
« Reply #20 on: September 29, 2007, 01:50:57 AM »
Quote: Do you see the older version of Java and/or Kerio in the list?

Yes, they are both there.

Offline guestolo

Firewall issues
« Reply #21 on: September 29, 2007, 10:26:04 AM »
Close down browser windows.
Open the Windows cleanup utility and highlight both Kerio and the older version of Java.
Then select Remove.

When finished, reboot your computer.

Afterwards, can you do the following:
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open: main.txt, which will be maximized, and extra.txt, which will be minimized.

Post the contents of main.txt and extra.txt.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Heather

Firewall issues
« Reply #22 on: September 29, 2007, 04:15:45 PM »
OK, here are the logs.
The Security Center is still showing Kerio as running.
Should I try to complete the Java installation?
Thanks, Heather


Deckard's System Scanner v20070905.67
Run by Heather on 2007-09-29 14:08:04
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
102: 2007-09-29 21:08:16 UTC - RP532 - Deckard's System Scanner Restore Point
101: 2007-09-29 06:49:47 UTC - RP531 - Installed Windows Installer Clean Up
100: 2007-09-29 01:18:48 UTC - RP530 - System Checkpoint
99: 2007-09-28 01:05:55 UTC - RP529 - System Checkpoint
98: 2007-09-27 00:46:51 UTC - RP528 - System Checkpoint


-- First Restore Point --
1: 2007-07-02 03:46:58 UTC - RP431 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Heather.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:10:01 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Heather\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Heather.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,19/mcgdmgr.cab
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 7030 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070923-150803-593 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
backup-20070923-150803-813 O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
backup-20070923-150803-959 O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 agp440 (Intel AGP Bus Filter) - c:\windows\\systemroot\system32\drivers\agp440.sys (file missing)
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>

S0 SSI - c:\windows\system32\drivers\ssi.sys (file missing)
S1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys (file missing)
S1 khips (Kerio HIPS Driver) - c:\windows\system32\drivers\khips.sys (file missing)
S3 catchme - c:\docume~1\heather\locals~1\temp\catchme.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)
S3 MREMPR5 (MREMPR5 NDIS Protocol Driver) - c:\program files\common files\motive\mrempr5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 MRENDIS5 (MRENDIS5 NDIS Protocol Driver) - c:\program files\common files\motive\mrendis5.sys <Not Verified; Motive, Inc.; Motive Rawether for Windows>
S3 SQTECH905C (DualCamera) - c:\windows\system32\drivers\capt905c.sys <Not Verified; Service & Quality Technology.; SQ905c>
S3 VisorUsb (Handspring USB) - c:\windows\system32\drivers\visorusb.sys <Not Verified; Handspring, Inc; Visor®>
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S4 ewido security suite control - c:\program files\ewido anti-malware\ewidoctrl.exe (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-09-26 17:13:00       284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-01-01 20:58:06       218 --a------ C:\WINDOWS\Tasks\WebReg .job
2004-04-16 20:57:12       258 --a------ C:\WINDOWS\Tasks\ISP signup reminder 1.job


-- Files created between 2007-08-29 and 2007-09-29 -----------------------------

2007-09-28 23:49:49         0 d-------- C:\Program Files\Windows Installer Clean Up
2007-09-28 23:49:30         0 d-------- C:\Program Files\MSECACHE
2007-09-26 23:55:02         0 d-------- C:\Documents and Settings\Heather\Application Data\Move Networks
2007-09-22 23:38:52         0 d-------- C:\Rustbfix
2007-09-21 15:37:22         0 dr-h----- C:\Documents and Settings\Heather\Recent
2007-09-20 22:25:54         0 d-------- C:\Program Files\Windows Media Connect 2
2007-09-20 22:24:04         0 d-------- C:\WINDOWS\system32\LogFiles
2007-09-20 22:24:04         0 d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-14 00:31:34         0 d-------- C:\Program Files\Trend Micro
2007-09-13 22:34:30         0 d-------- C:\Documents and Settings\Heather\.housecall6.6
2007-09-13 21:49:53         0 d-------- C:\Program Files\Error Expert
2007-09-13 19:44:28         0 d-------- C:\KAV
2007-09-04 10:08:50         0 d-------- C:\Documents and Settings\Heather\Application Data\WeatherBug
2007-09-04 10:08:40         0 d-------- C:\Program Files\MyWebSearchWB
2007-09-04 10:08:34         0 d-------- C:\Program Files\AWS


-- Find3M Report ---------------------------------------------------------------

2007-09-23 22:05:57         0 d-------- C:\Program Files\Common Files\Sonic Shared
2007-09-21 15:37:47         0 d-------- C:\Program Files\ewido anti-malware
2007-09-13 19:22:07         0 d-------- C:\Program Files\Rhapsody
2007-09-13 18:49:19         0 d-------- C:\Program Files\Real
2007-09-13 18:47:50         0 d-------- C:\Documents and Settings\Heather\Application Data\Real
2007-09-13 18:46:27         4 --a------ C:\WINDOWS\system32\D1EE9F
2007-09-08 23:59:52         0 d-------- C:\Documents and Settings\Heather\Application Data\U3
2007-08-25 14:11:36       664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-08-13 15:18:35         0 d-------- C:\Documents and Settings\Heather\Application Data\Ahead
2007-08-13 15:07:35         0 d-------- C:\Program Files\Common Files\LightScribe
2007-08-13 15:07:34         0 d-------- C:\Program Files\Common Files
2007-08-13 15:00:48         0 d-------- C:\Program Files\Common Files\Ahead
2007-08-13 14:57:51         0 d-------- C:\Program Files\Nero
2007-08-12 06:56:32         0 d-------- C:\Program Files\Verizon
2007-07-09 19:46:46       164 --a------ C:\install.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [09/03/2003 06:12 PM]
"Logitech Utility"="Logi_MwX.Exe" [12/17/2003 10:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [09/20/2005 09:35 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [09/20/2005 09:32 AM]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [01/07/2006 02:36 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/17/2006 12:24 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [03/11/2007 02:37 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [06/01/2007 03:24 PM]

C:\Documents and Settings\Heather\Start Menu\Programs\Startup\
DESKTOP.INI [9/3/2002 7:00:00 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
DESKTOP.INI [9/3/2002 7:00:00 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc   usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2007-09-29 14:11:57 ------------




Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.80GHz
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 509.98 MiB / 273.38 MiB
Pagefile Memory (total/avail): 1248.75 MiB / 1075.04 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1965.83 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.47 GiB total, 45.38 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-75FRA0 - 74.5 GiB - 2 partitions
  \PARTITION0 - Unknown - 31.35 MiB
  \PARTITION1 (bootable) - Installable File System - 74.47 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FW: Sunbelt Kerio Personal Firewall v4.3.268 T (Sunbelt Kerio)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Heather\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=NEWMAN
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Heather
LOGONSERVER=\\NEWMAN
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Heather\LOCALS~1\Temp
TMP=C:\DOCUME~1\Heather\LOCALS~1\Temp
USERDOMAIN=NEWMAN
USERNAME=Heather
USERPROFILE=C:\Documents and Settings\Heather
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Heather (admin)
Tim (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
 --> C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
 --> Dummy
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A244658E-84E5-4F3B-87D3-5FB993BF6325}\Setup.exe" -l0x9
Bonjour --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D} /l1033
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CCScore --> MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Championship Bass --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\EA SPORTS\Championship Bass\Uninst.isu"
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
DA920EN --> MsiExec.exe /X{C1E5DF32-8248-4347-908C-E030EDAE4368}
DD Tournament Poker 1.2 --> "C:\Program Files\ddpoker\UninstallerData\Uninstall poker.exe"
Dell AIO Printer A920 --> C:\WINDOWS\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE -dDell AIO Printer A920
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe"  -uninstall
Dell ResourceCD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Solution Center --> MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Dell Support 5.0.0 (766) --> rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
DVDSentry --> MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
EA Network Play System --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\uninst.isu"
EA SPORTS online 2004 --> C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
EarthLink Setup Files --> MsiExec.exe /X{9B2CFE3B-7F55-4786-A20D-BB244914F6D8}
EAX(tm) Unified (SHELL) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative Labs\EAX(tm) Unified (SHELL)\Uninst.isu"
ESSBrwr --> MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK --> MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore --> MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSgui --> MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp --> MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini --> MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD --> MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock --> MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC --> MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS --> MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt --> MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
essvcpt --> MsiExec.exe /I{D1973749-F5E7-40EB-B528-F2B78685B9FF}
EVEREST Home Edition v2.20 --> "C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9  -removeonly
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Hamsterball --> C:\PROGRA~1\YAHOO!~1\HAMSTE~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!~1\HAMSTE~1\INSTALL.LOG
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPPDOCK --> MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 7.0 --> C:\Program Files\HP\Digital Imaging\{3F556FFA-B0C6-404d-992B-05BB0B10849C}\setup\hpzscr01.exe -datfile hpiscr02.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
In-Fisherman Freshwater Trophies --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64963FAF-E357-4B8E-BDB6-A02C9F6C2D4E}
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Intel® 537EP V9x DF PCI Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page --> MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}
iPod for Windows 2006-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Jasc Paint Shop Photo Album --> MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
kgcbaby --> MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase --> MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday --> MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn --> MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt --> MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids --> MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove --> MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday --> MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
Kodak EasyShare software --> C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0010_198756\Setup.exe /APR-REMOVE
KSU --> MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.79.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Macromedia Shockwave Player --> C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004 --> MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Money 2004 --> MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Money 2004 System Pack --> MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Event Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Heather\Application Data\Move Networks\ie_bin\Uninst.exe
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar1.02.3000.1001\en-us\mtbs.exe c
Muppets - Bright2 --> C:\WINDOWS\IsUninst.exe -fc:\MUPPETS\bright2\Uninst.isu
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~2\unmatch.exe
My Disney Kitchen --> C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\DISNEY~1\MYDISN~1\DeIsL1.isu
Notifier --> MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
OfotoXMI --> MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OpenMG Limited Patch 4.4-06-13-19-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.4-06-13-19-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.4.00 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{CFB17307-B244-4EAD-AE8E-CDAF440477C2} UNINSTALL
OTtBP --> MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
OTtBPSDK --> MsiExec.exe /I{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}
Poker Superstars --> C:\PROGRA~1\YAHOO!~1\POKERS~1\UNWISE.EXE C:\PROGRA~1\YAHOO!~1\POKERS~1\INSTALL.LOG
Pokémon --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Pokémon\Uninst.isu"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe"  -uninstall
Pro Fishing 3D --> C:\WINDOWS\IsUninst.exe -f"C:\Head Games\Pro Fishing 3D\P3DFish.isu"
ProModule: PowerPoint Support --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\POWERP~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\POWERP~1\INSTALL.LOG
ProModule: Quick Message --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\QUICKM~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\QUICKM~1\INSTALL.LOG
ProModule: SongSelect 3.0 Support --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\SONGSE~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\SONGSE~1\INSTALL.LOG
ProModule: SongSelect Lyrics Service Import --> C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\LYRICS~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\Modules\LYRICS~1\INSTALL.LOG
ProModule: Transitions 1 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~1\INSTALL.LOG
ProModule: Transitions 2 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~2\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~2\INSTALL.LOG
ProModule: Transitions 3 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~3\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~3\INSTALL.LOG
ProModule: Transitions 4 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~4\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\TRANSI~4\INSTALL.LOG
ProModule: Video Background --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VIDEOB~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VIDEOB~1\INSTALL.LOG
ProModule: Visualizations 1 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~1\INSTALL.LOG
ProModule: Visualizations 2 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~2\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~2\INSTALL.LOG
ProModule: Visualizations 3 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~3\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~3\INSTALL.LOG
ProModule: Visualizations 4 --> C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~4\UNWISE.EXE C:\PROGRA~1\R-TECH~1\PROMOD~1\VISUAL~4\INSTALL.LOG
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56B810F8-1395-4471-9F7A-560AACF0CB2F}\Setup.exe" -l0x9
SFR --> MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA --> MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave --> C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~1\Install.log
SKIN0001 --> MsiExec.exe /I{FDF9943A-3D5C-46B3-9679-586BD237DDEE}
SKINXSDK --> MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
SongShow Plus --> "C:\Program Files\R-Technics\SongShow Plus\bin\Uninstall.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SonicStage 3.4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\101\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SspSamples: Bible Atlas Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\BIBLEA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\BIBLEA~1\INSTALL.LOG
SspSamples: Creative Interlude Sampler 2 --> C:\PROGRA~1\R-TECH~1\SONGSH~1\UNINST~1\CREATI~1\CREATI~1\UNWISE.EXE C:\PROGRA~1\R-TECH~1\SONGSH~1\UNINST~1\CREATI~1\CREATI~1\INSTALL.LOG
SspSamples: Digital Hotcakes --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~1\INSTALL.LOG
SspSamples: Digital Juice Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\DIGITA~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\DIGITA~1\INSTALL.LOG
SspSamples: Digital Juice Jumpbacks --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\DIGITA~2\INSTALL.LOG
SspSamples: Whitmer Photography --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WHITME~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WHITME~1\INSTALL.LOG
SspSamples: WorshipFilms --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~1\INSTALL.LOG
SspSamples: WorshipScapes Images --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WORSHI~1\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Images\WORSHI~1\INSTALL.LOG
SspSamples: WorshipScapes Videos --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~2\UNWISE.EXE C:\DOCUME~1\ALLUSE~1\DOCUME~1\R-TECH~1\SONGSH~1\Videos\WORSHI~2\INSTALL.LOG
Starshine Episode 1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73B3C57B-3ED7-40DB-A554-32EB5D35F84E}\setup.exe" -l0x9
staticcr --> MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Tiger Woods PGA TOUR 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E91306C-899F-45F3-B5E9-4B480A27A63D}\Setup.exe" -l0x9 uninstallme
Verizon Online DSL --> "C:\WINDOWS\DSL\unins000.exe"
Verizon Online Help and Support --> C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
VPRINTOL --> MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{FCE50DB8-C610-4C42-BE5C-193F46C6F812}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip Self-Extractor --> "C:\Program Files\WinZip Self-Extractor\wzipse32.exe" -uninstall
WIRELESS --> MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 11 --> MsiExec.exe /I{54F90B55-BEB3-4F0D-8802-228822FA5921}
Yahoo! extras --> C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~1.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Messenger Explorer Bar --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Photos Easy Upload Tool --> C:\Program Files\Yahoo!\Common\ydropper_uninst.exe /ylog=C:\PROGRA~1\Yahoo!\Photos\Uploader\install.log
Yahoo! Photos Print-at-Home Tool --> C:\WINDOWS\unins000.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type983 / Error
Event Submitted/Written: 09/29/2007 02:04:49 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 490030824.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type981 / Error
Event Submitted/Written: 09/29/2007 02:04:40 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x023e6cfb.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type979 / Error
Event Submitted/Written: 09/29/2007 02:01:34 PM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application MSICUU: Thread ID: 5148 ,Logged:

Success:
C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {E659E0EE-10E6-49B7-8696-60F38D0EB174}

Event Record #/Type978 / Error
Event Submitted/Written: 09/29/2007 02:01:32 PM
Event ID/Source: 1 / VBRuntime
Event Description:
The VB Application identified by the event source logged this Application MSICUU: Thread ID: 5148 ,Logged:

Success:
C:\Program Files\Windows Installer Clean Up\msizap.exe TW! {7148F0A8-6813-11D6-A77B-00B0D0142000}

Event Record #/Type971 / Success
Event Submitted/Written: 09/24/2007 05:38:07 PM
Event ID/Source: 12001 / usnsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4962 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
fwdrv
khips
SSI

Event Record #/Type4961 / Error
Event Submitted/Written: 09/29/2007 02:04:43 PM
Event ID/Source: 7022 / Service Control Manager
Event Description:
The Bonjour Service service hung on starting.

Event Record #/Type4952 / Warning
Event Submitted/Written: 09/28/2007 01:20:10 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type4951 / Error
Event Submitted/Written: 09/28/2007 10:15:35 AM
Event ID/Source: 6161 / Print
Event Description:
Copy of October 07 ALL CLASSES.xlsHeatherHP DeskJet 710CNT EMF 1.00832768029334011\\NEWMAN0 (0x0)

Event Record #/Type4950 / Warning
Event Submitted/Written: 09/28/2007 10:01:12 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-09-29 14:11:57 ------------

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Firewall issues
« Reply #23 on: September 30, 2007, 01:22:05 AM »
Try the following
Open Notepad and copy/paste the text in the quotebox below into it:
Don't use anything other than Notepad or the script will not work

Quote
File::
c:\windows\system32\drivers\ssi.sys
c:\windows\system32\drivers\fwdrv.sys
c:\windows\system32\drivers\khips.sys

Folder::
C:\Program Files\MyWebSearchWB
C:\Program Files\AWS
C:\KAV
C:\Program Files\Error Expert
C:\Documents and Settings\Heather\Application Data\WeatherBug
C:\Rustbfix
c:\program files\ewido anti-malware

Driver::
fwdrv
khips
SSI
ewido security suite control
Save this as a text file named CFScript.txt


Take note of the pic above
Drag CFScript.txt into ComboFix.exe

When finished, it will produce a log for you, C:\ComboFix.txt.
Post that log back and let me know how things are running please
« Last Edit: September 30, 2007, 01:23:30 AM by guestolo »

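The Driver:: and File:: sections of the script above ask ComboFix to delete the service registrations and driver files for fwdrv, khips and SSI, which are the three boot-start drivers the System event log (Event ID 7026) reported failing to load after Kerio was removed: the Service Control Manager still has a service key pointing at a .sys file that no longer exists, so it tries and fails at every boot. The PowerShell below is an added example, not part of the thread and not ComboFix's own code. It reads the same registry locations ComboFix works on (the service key under CurrentControlSet\Services and the LEGACY_* device node under Enum\Root), reports whether the driver file each entry points at still exists, and with -Remove asks the SCM to drop an orphaned entry through sc.exe delete. It assumes Windows PowerShell 2.0 or later run from an elevated prompt; the default driver names are the ones from the posted log.

```powershell
# Added example, not part of the thread or of ComboFix. Reports the state of the
# driver/service registrations that the CFScript above asks ComboFix to delete.
# Assumes Windows PowerShell 2.0 or later, run from an elevated (Administrator) prompt.
param(
    # Names taken from the Event ID 7026 entry and the CFScript in the thread
    [string[]]$Names = @('fwdrv', 'khips', 'SSI', 'ewido security suite control'),
    [switch]$Remove
)

# Values of the "Start" DWORD under a service key (SERVICE_BOOT_START = 0, ...)
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Get-DriverLeftover {
    param([string]$Name)

    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    # The SCM keeps a LEGACY_<NAME> device node for every non-PnP driver it has
    # loaded; these are the LEGACY_* keys listed in the ComboFix log. Spaces in the
    # service name become underscores (LEGACY_EWIDO_SECURITY_SUITE_CONTROL).
    $legacyKey = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_' + ($Name.ToUpper() -replace ' ', '_')

    $info = New-Object PSObject -Property @{
        Name       = $Name
        ServiceKey = (Test-Path $svcKey)
        StartType  = $null
        ImagePath  = $null
        FileExists = $false
        LegacyKey  = (Test-Path $legacyKey)
    }

    if ($info.ServiceKey) {
        $props = Get-ItemProperty -Path $svcKey
        if ($props.Start -ne $null) { $info.StartType = $startTypes[[int]$props.Start] }
        if ($props.ImagePath) {
            # Driver ImagePath values are usually relative to the Windows directory
            # ("system32\drivers\fwdrv.sys") or carry a \??\ or \SystemRoot\ prefix.
            $path = $props.ImagePath -replace '^(\\\?\?\\|\\SystemRoot\\)', ''
            if (-not [System.IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
            $info.ImagePath  = $path
            $info.FileExists = (Test-Path $path)
        }
    }
    return $info
}

foreach ($name in $Names) {
    $state = Get-DriverLeftover -Name $name
    $state | Format-List Name, ServiceKey, StartType, ImagePath, FileExists, LegacyKey

    # A Boot- or System-start entry whose .sys file is gone is exactly what makes the
    # Service Control Manager log Event ID 7026 ("failed to load") at every boot.
    $orphaned = $state.ServiceKey -and (-not $state.FileExists) -and (@('Boot', 'System') -contains $state.StartType)
    if ($orphaned) {
        Write-Warning "$name is registered as $($state.StartType)-start but its driver file is missing"
        if ($Remove) {
            # sc.exe delete marks the service for deletion; the key goes away on the next
            # reboot. The LEGACY_* keys are owned by SYSTEM with a restrictive ACL, so they
            # are reported here but not touched (ComboFix takes ownership to remove them).
            & sc.exe delete "$name" | Out-Null
        }
    }
}
```

Save it as Check-DriverLeftover.ps1 and run it once without -Remove to see what is still registered; only an entry that has a service key, a Boot or System start type and no file on disk is treated as orphaned. Anything that still has its driver file present is a live driver, not a leftover, and should be uninstalled through its own product rather than deleted here.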

Offline Heather

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Firewall issues
« Reply #24 on: September 30, 2007, 01:50:23 AM »
here's the report.
I'll follow with a post about how things are running
thanks, Heather



ComboFix 07-09-21.2 - "Heather" 2007-09-29 23:38:08.5 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.256 [GMT -7:00]
 * Created a new restore point

FILE::
c:\windows\system32\drivers\ssi.sys
c:\windows\system32\drivers\fwdrv.sys
c:\windows\system32\drivers\khips.sys
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Heather\Application Data\WeatherBug
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96_HurricaneCommandCenterWithFlag.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96_VZW.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\102x96Verizon.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\60_Generic2007_Summe_0807r.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\60_Generic2007_Summer_Mask_0807.bmp
C:\Documents and Settings\Heather\Application Data\WeatherBug\Ebay_Apr07.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\Ebay_Mask_Apr07.bmp
C:\Documents and Settings\Heather\Application Data\WeatherBug\nav_07182007.jpg
C:\Documents and Settings\Heather\Application Data\WeatherBug\topnav_Generic2007.jpg
C:\KAV
C:\KAV\KAV70\English\doc\kav7.0en.pdf
C:\KAV\KAV70\English\kav.en.msi
C:\KAV\KAV70\English\release_notes.html
C:\KAV\KAV70\English\setup.exe
C:\KAV\KAV70\English\setup.reg
C:\Program Files\AWS
C:\Program Files\AWS\WeatherBug\download.txt
C:\Program Files\AWS\WeatherBug\INSTALL.LOG
C:\Program Files\AWS\WeatherBug\Local\1px.gif
C:\Program Files\AWS\WeatherBug\Local\alert_failed.html
C:\Program Files\AWS\WeatherBug\Local\Background60.jpg
C:\Program Files\AWS\WeatherBug\Local\bot_default.html
C:\Program Files\AWS\WeatherBug\Local\bot_failed2.html
C:\Program Files\AWS\WeatherBug\Local\Bot_loading.gif
C:\Program Files\AWS\WeatherBug\Local\bot_loading.html
C:\Program Files\AWS\WeatherBug\Local\center_failed.html
C:\Program Files\AWS\WeatherBug\Local\center_loading.html
C:\Program Files\AWS\WeatherBug\Local\def_bot.gif
C:\Program Files\AWS\WeatherBug\Local\LeftNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\MiniReg.jpg
C:\Program Files\AWS\WeatherBug\Local\skinmask60.bmp
C:\Program Files\AWS\WeatherBug\Local\TopNavbar60.JPG
C:\Program Files\AWS\WeatherBug\Local\vssver.scc
C:\Program Files\AWS\WeatherBug\Local\WBug_Loading.gif
C:\Program Files\AWS\WeatherBug\Local\weather_window_loading.gif
C:\Program Files\AWS\WeatherBug\Local\WxBug.gif
C:\Program Files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
C:\Program Files\AWS\WeatherBug\Local\WxWindow_failed.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_loading.html
C:\Program Files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
C:\Program Files\Error Expert
C:\Program Files\Error Expert\Backup\Automatic Backup_09-13-2007_21-54-48.reg
c:\program files\ewido anti-malware
c:\program files\ewido anti-malware\danish.mo
c:\program files\ewido anti-malware\hungarian.mo
c:\program files\ewido anti-malware\s.dat
c:\program files\ewido anti-malware\serbian.mo
c:\program files\ewido anti-malware\t.dat
C:\Program Files\MyWebSearchWB
C:\Program Files\MyWebSearchWB\bar\1.bin\W6FFXTBR.JAR
C:\Program Files\MyWebSearchWB\bar\1.bin\W6NTSTBR.JAR
C:\Program Files\MyWebSearchWB\bar\Cache0034E31.bin
C:\Program Files\MyWebSearchWB\bar\Cache02069BA.bin
C:\Program Files\MyWebSearchWB\bar\Cache3060E43
C:\Program Files\MyWebSearchWB\bar\Cache3061122
C:\Program Files\MyWebSearchWB\bar\Cache306146D.bin
C:\Program Files\MyWebSearchWB\bar\Cache3061681.bin
C:\Program Files\MyWebSearchWB\bar\Cache3062863.bin
C:\Program Files\MyWebSearchWB\bar\Cache321ABE7.bin
C:\Program Files\MyWebSearchWB\bar\Cache4E5449B.bin
C:\Program Files\MyWebSearchWB\bar\Cache8178CD5.bin
C:\Program Files\MyWebSearchWB\bar\History\search
C:\Program Files\MyWebSearchWB\bar\Settings\prevcfg.htm
C:\Rustbfix
C:\Rustbfix\1run.bat
C:\Rustbfix\2run.bat
C:\Rustbfix\avenger.exe
C:\Rustbfix\chkrustb.bat
C:\Rustbfix\LS.exe
C:\Rustbfix\pelog.txt
C:\Rustbfix\SF.exe
C:\Rustbfix\streamtools.zip
C:\Rustbfix\swreg.exe
C:\Rustbfix\tmp1.txt

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_EWIDO_SECURITY_SUITE_CONTROL
-------\LEGACY_FWDRV
-------\LEGACY_KHIPS
-------\LEGACY_SSI
-------\ewido security suite control
-------\fwdrv
-------\khips
-------\SSI


(((((((((((((((((((((((((   Files Created from 2007-08-28 to 2007-09-30  )))))))))))))))))))))))))))))))
.

2007-09-29 14:07   <DIR>   d--------   C:\Deckard
2007-09-28 23:49   <DIR>   d--------   C:\Program Files\Windows Installer Clean Up
2007-09-28 23:49   <DIR>   d--------   C:\Program Files\MSECACHE
2007-09-26 23:55   <DIR>   d--------   C:\DOCUME~1\Heather\APPLIC~1\Move Networks
2007-09-20 22:25   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\LogFiles
2007-09-20 22:24   <DIR>   d--------   C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2007-09-14 00:31   <DIR>   d--------   C:\Program Files\Trend Micro
2007-09-13 23:32   76,560   --a------   C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-09-13 22:34   <DIR>   d--------   C:\DOCUME~1\Heather\.housecall6.6

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-23 22:05   ---------   d--------   C:\Program Files\Common Files\Sonic Shared
2007-09-13 19:33   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-09-13 19:22   ---------   d--------   C:\Program Files\Rhapsody
2007-09-13 18:49   ---------   d--------   C:\Program Files\Real
2007-09-13 18:47   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Real
2007-09-08 23:59   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\U3
2007-08-16 00:10   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
2007-08-13 15:18   ---------   d--------   C:\DOCUME~1\Heather\APPLIC~1\Ahead
2007-08-13 15:07   ---------   d--------   C:\Program Files\Common Files\LightScribe
2007-08-13 15:00   ---------   d--------   C:\Program Files\Common Files\Ahead
2007-08-13 14:57   ---------   d--------   C:\Program Files\Nero
2007-08-13 14:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
2007-08-12 06:57   ---------   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
2007-08-12 06:56   ---------   d--------   C:\Program Files\Verizon
2007-02-20 12:51   439296   --a------   C:\DOCUME~1\Heather\GoToAssist_phone__317_en.exe
2007-02-17 21:07   8   --a------   C:\DOCUME~1\Heather\APPLIC~1\usb.dat.bin
2006-02-19 04:28   12288   --a------   C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((   snapshot_2007-09-21_230848.79   )))))))))))))))))))))))))))))))))))))))))
.
-c----w           414,208 2006-10-19 04:47:16  C:\WINDOWS\$NtUninstallKB929399$\msscp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB929399$\spuninst\updspapi.dll
-c----w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\$NtUninstallKB936782_WMP11$\wmp.dll
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\updspapi.dll
-c----w           315,904 2006-11-02 01:31:34  C:\WINDOWS\$NtUninstallKB939683$\unregmp2.exe
-c----w           213,216 2005-06-28 17:23:26  C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe
-c----w           371,424 2005-06-28 17:23:54  C:\WINDOWS\$NtUninstallKB939683$\spuninst\updspapi.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,720 2006-12-04 23:21:50  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w           317,440 2007-06-27 05:10:26  C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
----a-w        10,834,944 2007-06-12 06:51:12  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\INF\unregmp2.exe
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\msscp.dll
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\wmp.dll
----a-w           414,208 2006-10-19 04:47:16  C:\WINDOWS\SYSTEM32\DLLCACHE\msscp.dll
----a-w           315,904 2006-11-02 01:31:34  C:\WINDOWS\SYSTEM32\DLLCACHE\unregmp2.exe
----a-w        10,834,432 2006-10-19 04:47:20  C:\WINDOWS\SYSTEM32\DLLCACHE\wmp.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
 
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 10:50 C:\WINDOWS\LOGI_MWX.EXE]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 02:36]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-03-17 00:24]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-03-11 14:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-01 15:24]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Heather\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

C:\DOCUME~1\Tim\STARTM~1\Programs\Startup\
DESKTOP.INI [2002-09-03 07:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)

S3 VisorUsb;Handspring USB;C:\WINDOWS\system32\DRIVERS\VisorUsb.sys


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{409de366-aeb2-11db-b001-000cf1e5dee4}]
AutoRun\command- G:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-09-27 00:13:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2004-04-17 03:57:12 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
"2007-01-02 03:58:06 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\digital imaging\bin\hpqwrg.exe
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-29 23:45:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-29 23:47:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-29 23:47
C:\ComboFix2.txt ... 2007-09-24 01:51
C:\ComboFix3.txt ... 2007-09-21 23:09
.
   --- E O F ---

Offline Heather

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Firewall issues
« Reply #25 on: September 30, 2007, 02:03:58 AM »
OK, Java finally installed correctly (seemingly).
Rhapsody is still completely inaccessible; I was hoping that I didn't have to uninstall and lose the music I currently have in there.
Kerio still shows up as running in Windows Security Center. (Die Kerio, die!!!!)

Other than that things seem pretty good. One little thing that bugs me is that the Internet Explorer icon will not load onto the Start panel like everything else that I access regularly does. Quite bothersome, as that is where I like to load from (habit).

How do things look from your perspective?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Firewall issues
« Reply #26 on: September 30, 2007, 02:18:40 AM »
Quote
Rhapsody is still completely inaccessible
What is the location of your music files?
Can you copy/paste them to another folder as a backup?

Quote
Kerio still shows up as running in windows security center

Try another step
Download and unzip to its own folder
RegSeeker 1.55
Don't run it yet

Reboot into safe mode and sign in with your account
Run RegSeeker.exe from the extracted folder
Click the "Clean Registry" button
Ensure "Backup before Deletion" is selected>>It should be by default
Then click "Auto Clean"
Click GO!
Follow prompts; don't worry about a NO CD disk error if you get one, just cancel it out

Reboot back to normal Windows and see if Kerio is finally gone

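Windows XP's Security Center does not learn which firewall is installed from the Add/Remove Programs list or from the driver services; each product registers itself as an instance of the FirewallProduct class in the WMI namespace root\SecurityCenter, and an uninstaller that never ran to completion leaves that instance behind. That is the state the thread describes: the Kerio drivers are gone, yet Security Center still reports it as running. The script below is an added example, not part of the thread or of any Kerio or Sunbelt tool. It lists the registered firewalls, refuses to act while the product is still listed under the Uninstall key, and with -Remove deletes the stale instance (the same operation as the classic "wmic ... path FirewallProduct ... delete" fix). It assumes Windows PowerShell 2.0 or later run from an elevated prompt; Vista and later keep the registrations in root\SecurityCenter2, where the boolean "enabled" is replaced by a productState bitfield, and the script handles both namespaces so the same check works on newer machines.

```powershell
# Added example, not part of the thread. Lists the firewall products registered with
# Windows Security Center and, with -Remove, deletes a stale registration left behind
# by an uninstaller that never ran cleanly. Assumes Windows PowerShell 2.0 or later,
# run from an elevated prompt. The default pattern "Kerio" is the product from the thread.
param(
    [string]$Pattern = 'Kerio',
    [switch]$Remove
)

function Get-RegisteredFirewall {
    # XP/2003 register products in root\SecurityCenter (boolean "enabled");
    # Vista and later use root\SecurityCenter2 (a "productState" bitfield).
    foreach ($ns in 'root\SecurityCenter', 'root\SecurityCenter2') {
        # Only one of the two namespaces exists on any given OS; ignore the other.
        $products = Get-WmiObject -Namespace $ns -Class FirewallProduct -ErrorAction SilentlyContinue
        foreach ($p in $products) {
            if ($ns -eq 'root\SecurityCenter') {
                $enabled = [bool]$p.enabled
            } else {
                # Bits 12-15 of productState hold the on/off state; 0x1000 means "on"
                $enabled = (($p.productState -band 0x1000) -ne 0)
            }
            New-Object PSObject -Property @{
                Namespace   = $ns
                DisplayName = $p.displayName
                Company     = $p.companyName
                Enabled     = $enabled
                Instance    = $p
            }
        }
    }
}

function Test-UninstallEntry {
    # True if Add/Remove Programs still lists a product matching the pattern; a WSC
    # registration should only be deleted by hand once the product itself is gone.
    param([string]$Pattern)
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    $hits = Get-ChildItem $roots -ErrorAction SilentlyContinue |
        ForEach-Object { (Get-ItemProperty $_.PSPath).DisplayName } |
        Where-Object { $_ -match $Pattern }
    return [bool]$hits
}

$registered = @(Get-RegisteredFirewall)
$registered | Format-Table Namespace, DisplayName, Company, Enabled -AutoSize

$stale = @($registered | Where-Object { $_.DisplayName -match $Pattern })
if ($stale.Count -eq 0) {
    Write-Host "No Security Center registration matches '$Pattern'."
    return
}
if (Test-UninstallEntry -Pattern $Pattern) {
    Write-Warning "'$Pattern' is still listed in Add/Remove Programs; uninstall it first rather than deleting its registration."
    return
}
foreach ($entry in $stale) {
    Write-Host "Stale registration: $($entry.DisplayName) ($($entry.Company)) in $($entry.Namespace), reported enabled = $($entry.Enabled)"
    if ($Remove) {
        # Same effect as:
        #   wmic /namespace:\\root\SecurityCenter path FirewallProduct where displayName="<name>" delete
        $entry.Instance | Remove-WmiObject
        Write-Host "Deleted. Security Center re-reads the namespace on its next refresh or after a reboot."
    }
}
```

Run it first without -Remove: the table it prints is exactly what Security Center is looking at, so a product that appears there with no matching uninstall entry and no driver on disk is the stale registration. Deleting the instance only changes what Security Center reports; it does not remove any files or services, which is why the Uninstall-key check comes first.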

Offline Heather

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Firewall issues
« Reply #27 on: October 02, 2007, 07:53:22 PM »
RegSeeker seems to be stalling on me. It goes through a process and cleans the stuff it finds, then it has a pop-up window that only says "OK". I tried clicking OK and also X-ing out of the box; either way the area that tells what is happening says "startup clean" but it doesn't do anything.
Kerio is still there, and now I get an error pop-up every so often that says "Intel® PROSet resources are not available".

What else do you have in that big bag of tricks of yours?

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Firewall issues
« Reply #28 on: October 02, 2007, 08:26:54 PM »
Try navigating to this file
C:\WINDOWS\SYSTEM32\PRApplet.cpl

Right click on PRApplet.cpl and rename it to PRApplet.old

Try running RegSeeker in this fashion
Run RegSeeker.exe from the extracted folder
Click the "Clean Registry" button
Ensure "Backup before Deletion" is selected>>It should be by default
Then click "OK">>Don't use Auto Clean this time

When done click SELECT at the bottom>>Select All
Right click and select>Delete Selected Items

Reboot>>Reboot regardless of whether you got RegSeeker to run or not
Let me know how things are afterwards

Does the other user profile on this computer have the same problems as yourself?


Offline Heather

  • Jr. Member
  • **
  • Posts: 81
  • Karma: +0/-0
    • View Profile
Firewall issues
« Reply #29 on: October 03, 2007, 11:04:25 AM »
No changes, other than the "Intel® PROSet resources are not available" alert has not shown up again.
There is no other user profile in regular mode. In safe mode there shows an Administrator profile but I have never used it. I still cannot use the keyboard in safe mode.
Kerio is still showing as running and inaccessible.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Firewall issues
« Reply #30 on: October 04, 2007, 12:47:44 AM »
Are you willing to try a repair install or clean install? This is taking too long and should have been fixed by now, but your problems seem to be adding up.

Quote
I still cannot use the keyboard in safe mode.
Are you sure you have a PS/2 keyboard, not a USB one? Does it have a purple end leading into the computer?

Try this for Kerio
Download this uninstaller from this location and save it to the desktop
http://www.sunbelt-software.com/ihs/SKPFClean.4.3.exe

Run it and reboot afterwards. Still problems with Kerio?
