Jim's latest logs.....
VOLUME IN DRIVE C IS HP_PAVILION
VOLUME SERIAL NUMBER IS D83E-DA06
DIRECTORY OF C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA
09/09/2004 04:47 PM <DIR> AOL
08/02/2003 08:14 PM <DIR> BVRP SOFTWARE
07/09/2005 03:32 PM <DIR> HEWLETT-PACKARD
07/09/2005 03:57 PM 2,702 HPZINSTALL.LOG
06/27/2004 05:27 PM <DIR> MCAFEE.COM
04/20/2002 08:24 PM <DIR> MOTIVE
09/10/2004 09:55 AM <DIR> MSN MESSENGER 6.2.0137
09/03/2002 07:05 PM <DIR> MSN6
08/17/2004 09:35 AM <DIR> QUICKTIME
04/20/2002 02:28 AM <DIR> SBSI
09/12/2004 09:31 AM <DIR> SPYBOT - SEARCH & DESTROY
08/23/2005 11:34 PM <DIR> SYMANTEC
08/06/2004 09:23 AM <DIR> VIEWPOINT
09/09/2004 06:58 PM <DIR> ZERO KNOWLEDGE
1 FILE(S) 2,702 BYTES
13 DIR(S) 43,845,615,616 BYTES FREE
VOLUME IN DRIVE C IS HP_PAVILION
VOLUME SERIAL NUMBER IS D83E-DA06
DIRECTORY OF C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA
04/20/2002 02:04 AM <DIR> ADOBE
09/09/2004 04:46 PM <DIR> AOL
08/09/2003 09:55 PM <DIR> ARCSOFT
01/20/2003 06:14 PM <DIR> COREL
09/09/2004 07:09 PM <DIR> FREEDOM
07/11/2005 10:54 PM 46,360 GDIPFONTCACHEV1.DAT
08/16/2002 05:15 PM <DIR> HELP
10/27/2002 01:41 PM <DIR> IDENTITIES
04/20/2002 02:04 AM <DIR> INTERTRUST
12/27/2003 09:17 PM <DIR> INTERVIDEO
08/16/2005 01:51 PM <DIR> LAVASOFT
06/28/2004 05:03 AM <DIR> MACROMEDIA
06/17/2005 10:37 AM <DIR> MOTIVE
07/10/2005 02:40 PM <DIR> MOZILLA
09/10/2004 02:15 PM <DIR> MSN6
07/11/2005 11:34 AM <DIR> MSNINSTALLER
08/23/2002 08:07 PM 12,358 PFP100JCM.{PB
08/23/2002 08:07 PM 61,678 PFP100JPR.{PB
06/15/2005 02:26 PM <DIR> SUN
04/25/2002 10:39 PM <DIR> SYMANTEC
08/01/2002 12:47 PM <DIR> TEMPLATE
07/10/2005 02:40 PM <DIR> THUNDERBIRD
08/20/2005 12:25 PM <DIR> TREND MICRO
09/12/2004 02:15 AM 33 TVMCWRD.DLL
08/06/2002 12:04 PM <DIR> VERITAS
08/10/2005 06:13 PM <DIR> WEBROOT
08/06/2004 09:23 AM <DIR> YOU'VE GOT PICTURES SCREENSAVER
09/09/2004 07:08 PM <DIR> ZERO KNOWLEDGE
4 FILE(S) 120,429 BYTES
24 DIR(S) 43,845,615,616 BYTES FREE
VOLUME IN DRIVE C IS HP_PAVILION
VOLUME SERIAL NUMBER IS D83E-DA06
DIRECTORY OF C:\DOCUMENTS AND SETTINGS\DEFAULT USER\APPLICATION DATA
01/05/2003 06:29 PM <DIR> .
01/05/2003 06:29 PM <DIR> ..
04/19/2002 05:08 PM 62 DESKTOP.INI
1 FILE(S) 62 BYTES
2 DIR(S) 43,845,615,616 BYTES FREE
VOLUME IN DRIVE C IS HP_PAVILION
VOLUME SERIAL NUMBER IS D83E-DA06
DIRECTORY OF C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA
VOLUME IN DRIVE C IS HP_PAVILION
VOLUME SERIAL NUMBER IS D83E-DA06
DIRECTORY OF C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA
[TRACE] ENUMERATING JOBS AND QUEUES
[TRACE] ACTIVATING JOB 'SYMANTEC NETDETECT.JOB'
[TRACE] PRINTING ALL JOB PROPERTIES
APPLICATIONNAME: 'C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\NDETECT.EXE'
PARAMETERS: ''
WORKINGDIRECTORY: 'C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE'
COMMENT: 'SYMANTEC NETDETECT'
CREATOR: 'OWNER'
PRIORITY: NORMAL
MAXRUNTIME: 259200000 (3D 0:00:00)
IDLEWAIT: 10
IDLEDEADLINE: 60
MOSTRECENTRUN: 08/24/2005 21:53:00
NEXTRUN: 08/25/2005 1:53:00
STARTERROR: S_OK
EXITCODE: 0
STATUS: SCHED_S_TASK_READY
SCHEDULEDWORKITEM FLAGS:
DELETEWHENDONE = 0
SUSPEND = 0
STARTONLYIFIDLE = 0
KILLONIDLEEND = 0
RESTARTONIDLERESUME = 0
DONTSTARTIFONBATTERIES = 0
KILLIFGOINGONBATTERIES = 0
RUNONLYIFLOGGEDON = 1
SYSTEMREQUIRED = 0
HIDDEN = 0
TASKFLAGS: 0
1 TRIGGER
TRIGGER 0:
TYPE: DAILY
DAYSINTERVAL: 1
STARTDATE: 08/25/2005
ENDDATE: 00/00/0000
STARTTIME: 01:53
MINUTESDURATION: 1440
MINUTESINTERVAL: 240
FLAGS:
HASENDDATE = 0
KILLATDURATION = 0
DISABLED = 0
Logfile of HijackThis v1.99.1
Scan saved at 11:48:27 PM, on 8/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir...r=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Documents and Settings\Owner\Desktop\Cleanup.exe /WindowsRestart
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe