
Yellow Triangle at the taskbar

#1 ·
The yellow triangle says that my computer has been infected with the last version of the PSW.x-Vir trojan. Here is the scan from dss.exe:

Deckard's System Scanner v20071014.68
Run by Advance Computer on 2007-11-15 12:49:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
34: 2007-11-15 04:49:24 UTC - RP34 - Deckard's System Scanner Restore Point
33: 2007-11-14 06:00:23 UTC - RP33 - Software Distribution Service 3.0
32: 2007-11-13 07:02:13 UTC - RP32 - Installed WinZip 11.1
31: 2007-11-13 05:55:11 UTC - RP31 - Removed AVG 7.5
30: 2007-11-12 04:22:31 UTC - RP30 - System Checkpoint


-- First Restore Point --
1: 2007-10-22 10:07:26 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Advance Computer.exe) ------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:27 PM, on 11/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Advance Computer\Desktop\dss.exe
C:\DOWNLO~1\Advance Computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: Shell=Explorer.exe RVHOST.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {23B760D6-C98B-450B-9B32-26C7775CDF83} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\Video Add-on\icthis.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O22 - SharedTaskScheduler: doglike - {3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea} - C:\WINDOWS\system32\fftktmk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6538 bytes

-- HijackThis Fixed Entries (C:\DOWNLO~1\backups\) -----------------------------

backup-20071110-142522-131 O4 - HKCU\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe
backup-20071110-142522-226 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20071110-142522-736 O4 - HKCU\..\Run: [Free Upload Manager] "C:\Program Files\Free Download Manager\fum\fum.exe" -autorun
backup-20071110-142522-956 O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 npkcrypt - e:\program files\wizet\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>

S3 autorun - c:\huadio.tmp <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 GMSIPCI - f:\install\gmsipci.sys (file missing)
S3 IlvMoneyDRIVER53 - e:\program files\bc\cheat\v0.47hackpack\moonlight engine\ilvmoney1083.sys
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Video Controller
Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\3&13C0B0C5&0&48
Manufacturer:
Name: Multimedia Video Controller
PNP Device ID: PCI\VEN_109E&DEV_036E&SUBSYS_00000000&REV_11\3&13C0B0C5&0&48
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Controller
Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\3&13C0B0C5&0&49
Manufacturer:
Name: Multimedia Controller
PNP Device ID: PCI\VEN_109E&DEV_0878&SUBSYS_00000000&REV_11\3&13C0B0C5&0&49
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: USB20 Camera
Device ID: USB\VID_0C45&PID_627B\5&270F184&0&3
Manufacturer:
Name: USB20 Camera
PNP Device ID: USB\VID_0C45&PID_627B\5&270F184&0&3
Service:


-- Files created between 2007-10-15 and 2007-11-15 -----------------------------

2007-11-14 21:15:19 0 d-------- C:\Program Files\Image Icon Converter
2007-11-14 19:37:05 0 d-------- C:\Program Files\Video Add-on
2007-11-13 15:02:21 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-13 14:31:19 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-13 14:31:16 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Mozilla
2007-11-12 20:38:01 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
2007-11-12 20:38:01 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
2007-11-12 20:38:00 0 d-------- C:\Program Files\Cheat Engine
2007-11-12 20:30:22 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-11-12 16:02:06 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Grisoft
2007-11-08 19:35:27 0 d-------- C:\WINDOWS\pss
2007-10-31 17:21:07 0 d-------- C:\Program Files\MP3 Player Utilities 3.68
2007-10-28 17:54:15 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-27 11:31:59 0 d-------- C:\WINDOWS\system32\PreInstall
2007-10-27 11:31:55 0 d--h----- C:\WINDOWS\$hf_mig$
2007-10-27 10:50:24 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-10-26 14:20:14 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Media Player Classic
2007-10-25 22:11:11 163840 --a------ C:\WINDOWS\system32\unrar.dll
2007-10-25 22:11:07 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-10-25 22:11:07 39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-10-25 22:11:06 564224 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-10-25 22:11:06 630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-10-25 22:11:06 438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-10-25 22:11:06 144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-10-25 22:11:05 282624 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-10-25 22:11:05 1559040 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-10-25 22:11:04 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-10-25 22:11:04 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-10-25 22:11:03 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-10-25 22:11:01 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-10-25 22:10:57 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-25 20:23:30 0 d-------- C:\Program Files\MSN Messenger
2007-10-25 20:19:52 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-10-25 20:16:59 0 d-------- C:\WINDOWS\Sun
2007-10-25 20:16:59 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Sun
2007-10-25 14:08:39 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Help
2007-10-25 13:13:11 0 d-------- C:\Games
2007-10-24 18:45:41 0 d-------- C:\WINDOWS\Application Data
2007-10-24 18:44:49 4682 --a------ C:\WINDOWS\system32\npptNT2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
2007-10-24 11:12:49 0 d-------- C:\Program Files\Big Island Blends
2007-10-24 11:12:32 0 d-------- C:\Program Files\ReflexiveArcade
2007-10-23 20:27:47 0 d--h----- C:\WINDOWS\PIF
2007-10-23 20:24:54 1252364 --ah----- C:\Documents and Settings\Advance Computer\Application Data\setup.exe
2007-10-23 20:24:53 22040 --ah----- C:\Documents and Settings\Advance Computer\Application Data\addon.dat
2007-10-23 19:41:16 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\AdobeUM
2007-10-23 17:40:03 0 d--h----- C:\BJPrinter
2007-10-23 17:01:49 16384 --a------ C:\WINDOWS\system32\FileOps.exe
2007-10-23 17:01:48 0 d-------- C:\WINDOWS\system32\Adobe
2007-10-23 16:02:05 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Ahead
2007-10-23 13:15:11 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\CyberLink
2007-10-23 12:13:31 36864 --a------ C:\WINDOWS\system32\UnAudioNT.dll
2007-10-23 12:13:27 0 d-------- C:\Program Files\VIAudioi
2007-10-23 12:10:21 0 d-------- C:\Program Files\VIA
2007-10-23 12:09:54 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2007-10-23 11:42:58 0 d-------- C:\Program Files\inKline Global
2007-10-23 01:51:07 0 d--hs---- C:\WINDOWS\Installer
2007-10-23 01:51:06 0 d-------- C:\Program Files\Common Files\ODBC
2007-10-23 01:51:03 0 dr------- C:\Program Files
2007-10-23 01:51:03 0 d-------- C:\Program Files\Common Files
2007-10-23 01:51:03 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-10-23 01:50:41 0 d--h----- C:\Documents and Settings\All Users\Templates
2007-10-23 01:50:41 0 dr------- C:\Documents and Settings\All Users\Start Menu
2007-10-23 01:50:41 0 d-------- C:\Documents and Settings\All Users\Favorites
2007-10-23 01:50:41 0 dr------- C:\Documents and Settings\All Users\Documents
2007-10-23 01:50:41 0 d-------- C:\Documents and Settings\All Users\Desktop
2007-10-23 01:50:40 0 d--h----- C:\Documents and Settings\Default User\Templates
2007-10-23 01:50:40 0 dr------- C:\Documents and Settings\Default User\Start Menu
2007-10-23 01:50:40 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2007-10-23 01:50:40 0 d--h----- C:\Documents and Settings\Default User\Recent
2007-10-23 01:50:40 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2007-10-23 01:50:40 0 d--h----- C:\Documents and Settings\Default User\NetHood
2007-10-23 01:50:40 0 d-------- C:\Documents and Settings\Default User\My Documents
2007-10-23 01:50:40 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2007-10-23 01:50:40 0 d-------- C:\Documents and Settings\Default User\Favorites
2007-10-23 01:50:40 0 d-------- C:\Documents and Settings\Default User\Desktop
2007-10-23 01:50:40 0 d---s---- C:\Documents and Settings\Default User\Cookies
2007-10-23 01:50:27 0 d-------- C:\WINDOWS\system32\CatRoot2
2007-10-23 01:50:27 0 d-------- C:\WINDOWS\system32\CatRoot
2007-10-23 01:50:22 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2007-10-23 01:50:22 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2007-10-23 01:50:22 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2007-10-23 01:50:22 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2007-10-23 01:50:02 0 d-------- C:\Documents and Settings
2007-10-23 01:48:42 0 d--hs---- C:\System Volume Information
2007-10-23 01:45:17 0 d-------- C:\WINDOWS
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\WinSxS
2007-10-23 01:45:17 0 dr------- C:\WINDOWS\Web
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\twain_32
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\wins
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\wbem
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\usmt
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\spool
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\ShellExt
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\Setup
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\ras
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\oobe
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\npp
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\mui
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\inetsrv
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\IME
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\icsxml
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\ias
2007-10-23 01:45:17 12800 --a-s---- C:\WINDOWS\system32\fftktmk.dll
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\export
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\drivers
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\drivers\etc
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\drivers\disdn
2007-10-23 01:45:17 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\dhcp
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\config
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\3com_dmi
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\3076
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\2052
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1054
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1042
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1041
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1037
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1033
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1031
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1028
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system32\1025
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\system
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\security
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Resources
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\repair
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Provisioning
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\PeerNet
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\pchealth
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\mui
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\msapps
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\msagent
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Media
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\java
2007-10-23 01:45:17 0 d--h----- C:\WINDOWS\inf
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\ime
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Help
2007-10-23 01:45:17 0 dr--s---- C:\WINDOWS\Fonts
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\ehome
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Driver Cache
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Debug
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Cursors
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Connection Wizard
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\Config
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\AppPatch
2007-10-23 01:45:17 0 d-------- C:\WINDOWS\addins
2007-10-22 22:51:35 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\WinRAR
2007-10-22 22:30:04 0 d-------- C:\Program Files\Java
2007-10-22 22:26:25 0 d-------- C:\Program Files\Common Files\Java
2007-10-22 22:17:47 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Adobe
2007-10-22 21:58:55 0 d-------- C:\Downloads
2007-10-22 21:20:16 0 d-------- C:\Program Files\Alexa Toolbar
2007-10-22 21:19:45 0 d-------- C:\WINDOWS\system32\LogFiles
2007-10-22 20:55:36 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Macromedia
2007-10-22 20:50:19 0 d---s---- C:\Documents and Settings\Advance Computer\UserData
2007-10-22 20:45:56 260896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-10-22 20:45:56 37658912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-10-22 20:45:56 0 d-------- C:\Program Files\Kaspersky Lab
2007-10-22 20:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-22 20:39:00 0 d-------- C:\Program Files\Ares
2007-10-22 20:37:20 0 d-------- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-10-22 20:23:15 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Google
2007-10-22 20:23:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-22 20:22:33 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-22 20:22:31 0 d-------- C:\Program Files\Google
2007-10-22 19:22:27 1901 --a------ C:\WINDOWS\panose.bin
2007-10-22 19:17:43 156672 --a------ C:\WINDOWS\sprof32.dll <Not Verified; Eastman Kodak Company; KODAK DIGITAL SCIENCE ICC Profile API>
2007-10-22 19:17:43 53760 --a------ C:\WINDOWS\Ptpick32.dll <Not Verified; Eastman Kodak Company; Kodak Precision PT Picker>
2007-10-22 19:17:43 58368 --a------ C:\WINDOWS\pfpick.dll <Not Verified; Eastman Kodak Company; Kodak Digital Science Profile Picker>
2007-10-22 19:17:43 48128 --a------ C:\WINDOWS\Kpsys32.dll <Not Verified; Eastman Kodak Company; KCMS System Interface Library>
2007-10-22 19:17:43 31744 --a------ C:\WINDOWS\Kpsharp.dll <Not Verified; Eastman Kodak Company; KODAK PRECISION Sharpen Plug-in>
2007-10-22 19:17:43 31232 --a------ C:\WINDOWS\Kpscale.dll <Not Verified; Eastman Kodak Company; KODAK PRECISION Scaling Plug-in>
2007-10-22 19:17:43 70144 --a------ C:\WINDOWS\Kpfp32.dll <Not Verified; Eastman Kodak Company; Kodak Precision Filter Processor (Win32)>
2007-10-22 19:17:43 243712 --a------ C:\WINDOWS\Kpcp32.dll <Not Verified; Eastman Kodak Company; KODAK DIGITAL SCIENCE Professional Color Processor (Win32)>
2007-10-22 19:17:43 39095 --a------ C:\WINDOWS\Iccsigs.dat
2007-10-22 19:17:43 20992 --a------ C:\WINDOWS\icccodes.dll <Not Verified; Eastman Kodak Company; KCMS ICCCODES>
2007-10-22 19:17:43 42483 --a------ C:\WINDOWS\Icccodes.dat
2007-10-22 19:17:28 6144 --a------ C:\WINDOWS\system32\W95fiber.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2007-10-22 19:17:28 210944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2007-10-22 19:17:28 32792 --a------ C:\WINDOWS\Spwhpt.dll <Not Verified; Eastman Kodak Company; Kodak Digital Science White Point>
2007-10-22 19:17:28 212480 --a------ C:\WINDOWS\Pcdlib32.dll <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2007-10-22 19:17:16 0 d-------- C:\WINDOWS\system32\Color
2007-10-22 19:17:16 0 d-------- C:\Kpcms
2007-10-22 18:36:49 0 d-------- C:\Program Files\Common Files\L&H
2007-10-22 18:36:43 0 d-------- C:\Program Files\Microsoft.NET
2007-10-22 18:36:36 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-10-22 18:36:10 0 d-------- C:\Program Files\Microsoft Works
2007-10-22 18:35:49 0 d-------- C:\WINDOWS\SHELLNEW
2007-10-22 18:33:39 0 dr-h----- C:\MSOCache
2007-10-22 18:32:07 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-10-22 18:31:27 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-22 18:31:27 0 d-------- C:\Program Files\CyberLink
2007-10-22 18:31:23 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-22 18:29:37 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Free Download Manager
2007-10-22 18:29:32 0 d-------- C:\Program Files\Free Download Manager
2007-10-22 18:24:34 0 d-------- C:\Program Files\Nero
2007-10-22 18:24:34 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-22 18:24:07 0 d-------- C:\WINDOWS\RegisteredPackages
2007-10-22 18:21:23 0 d-------- C:\Program Files\Winamp
2007-10-22 18:19:20 0 d-------- C:\Program Files\Common Files\xing shared
2007-10-22 18:19:04 0 d-------- C:\Program Files\Common Files\Real
2007-10-22 18:19:01 0 d-------- C:\Program Files\Real
2007-10-22 18:18:43 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Real
2007-10-22 18:17:36 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-10-22 18:17:18 0 d-------- C:\WINDOWS\system32\QuickTime
2007-10-22 18:17:16 0 d-------- C:\Program Files\QuickTime
2007-10-22 18:16:24 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-10-22 18:15:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-22 18:12:14 306688 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-10-22 18:11:44 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-22 18:07:13 0 d-------- C:\Documents and Settings\Advance Computer\Application Data\Identities
2007-10-22 18:07:04 0 d--h----- C:\Documents and Settings\Advance Computer\Templates
2007-10-22 18:07:04 0 dr------- C:\Documents and Settings\Advance Computer\Start Menu
2007-10-22 18:07:04 0 dr-h----- C:\Documents and Settings\Advance Computer\SendTo
2007-10-22 18:07:04 0 dr-h----- C:\Documents and Settings\Advance Computer\Recent
2007-10-22 18:07:04 0 d--h----- C:\Documents and Settings\Advance Computer\PrintHood
2007-10-22 18:07:04 3145728 --ah----- C:\Documents and Settings\Advance Computer\NTUSER.DAT
2007-10-22 18:07:04 0 d--h----- C:\Documents and Settings\Advance Computer\NetHood
2007-10-22 18:07:04 0 dr------- C:\Documents and Settings\Advance Computer\My Documents
2007-10-22 18:07:04 0 d--h----- C:\Documents and Settings\Advance Computer\Local Settings
2007-10-22 18:07:04 0 dr------- C:\Documents and Settings\Advance Computer\Favorites
2007-10-22 18:07:04 0 d-------- C:\Documents and Settings\Advance Computer\Desktop
2007-10-22 18:07:04 0 d---s---- C:\Documents and Settings\Advance Computer\Cookies
2007-10-22 18:07:04 0 dr-h----- C:\Documents and Settings\Advance Computer\Application Data
2007-10-22 18:06:00 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-10-22 18:05:50 0 d-------- C:\WINDOWS\Prefetch
2007-10-22 18:05:49 0 d---s---- C:\WINDOWS\system32\Microsoft
2007-10-22 18:05:49 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2007-10-22 18:05:49 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2007-10-22 18:05:49 0 d-------- C:\Documents and Settings\LocalService\Application Data
2007-10-22 18:05:49 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2007-10-22 18:05:48 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2007-10-22 18:05:42 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2007-10-22 18:05:42 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2007-10-22 18:05:42 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2007-10-22 18:05:42 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2007-10-22 18:05:41 262144 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2007-10-22 18:02:22 0 d-------- C:\WINDOWS\system32\xircom
2007-10-22 18:02:22 0 d-------- C:\Program Files\microsoft frontpage
2007-10-22 18:02:10 225280 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT
2007-10-22 18:02:02 0 -rahs---- C:\MSDOS.SYS
2007-10-22 18:02:02 0 -rahs---- C:\IO.SYS
2007-10-22 18:02:02 0 --a------ C:\CONFIG.SYS
2007-10-22 18:02:02 0 --a------ C:\AUTOEXEC.BAT
2007-10-22 18:00:44 0 d--hs---- C:\Documents and Settings\All Users\DRM
2007-10-22 18:00:33 0 dr------- C:\WINDOWS\Offline Web Pages
2007-10-22 18:00:33 0 d---s---- C:\WINDOWS\Downloaded Program Files
2007-10-22 18:00:22 0 d--h----- C:\Program Files\WindowsUpdate
2007-10-22 18:00:04 0 d-------- C:\WINDOWS\system32\DirectX
2007-10-22 17:59:38 0 d---s---- C:\WINDOWS\Tasks
2007-10-22 17:59:37 0 d-------- C:\Program Files\Common Files\MSSoap
2007-10-22 17:59:34 0 d-------- C:\WINDOWS\system32\Macromed
2007-10-22 17:59:34 0 d-------- C:\WINDOWS\srchasst
2007-10-22 17:59:27 0 d-------- C:\Program Files\Movie Maker
2007-10-22 17:59:21 0 d-------- C:\WINDOWS\system32\Restore
2007-10-22 17:58:45 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-10-22 17:58:27 0 d-------- C:\WINDOWS\Registration
2007-10-22 17:58:20 0 d-------- C:\Program Files\Online Services
2007-10-22 17:58:14 0 d-------- C:\Program Files\Messenger
2007-10-22 17:58:11 0 d-------- C:\Program Files\MSN Gaming Zone
2007-10-22 17:57:41 0 d-------- C:\Program Files\Windows NT
2007-10-22 17:57:40 215552 --a------ C:\WINDOWS\system32\termsrv.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-22 17:57:39 0 d-------- C:\WINDOWS\system32\MsDtc
2007-10-22 17:57:38 0 d-------- C:\WINDOWS\system32\Com


-- Find3M Report ---------------------------------------------------------------

2007-10-23 01:50:40 62 --ahs---- C:\Documents and Settings\Advance Computer\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{23B760D6-C98B-450B-9B32-26C7775CDF83}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/22/2007 06:17 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01/12/2006 04:40 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/02/2004 08:24 PM]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [03/24/2006 07:09 PM]
"@"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [10/11/2004 02:54 PM]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [09/06/2005 11:10 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [05/11/2007 03:06 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 05:25 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 01:32 PM]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [10/20/2007 12:55 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [09/01/2004 08:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [10/22/2007 08:22 PM]
"ares"="C:\Program Files\Ares\Ares.exe" [07/17/2007 05:54 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [10/22/2007 6:12:51 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [10/22/2007 8:22:33 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"some"=C:\Program Files\Video Add-on\icthis.exe
"start"=C:\Program Files\Video Add-on\isfmntr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3750da11-9b0c-4a75-9c8a-bbcbfcd1ccea}"= C:\WINDOWS\system32\fftktmk.dll [11/14/2007 02:47 PM 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe RVHOST.exe"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22f94ece-8379-11dc-be3a-0013d3f6806f}]
AutoPlay\command- wscript.exe \len.js
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \len.js
Explore\command- wscript.exe \len.js -Clicked
Open\command- wscript.exe \len.js

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22f94edc-8379-11dc-be3a-0013d3f6806f}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af7c8e44-85da-11dc-88f1-0013d3f6806f}]
Auto\command- I:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b48e21ec-8f43-11dc-a990-0013d3f6806f}]
Auto\command- G:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbe8dc84-8c1a-11dc-a605-0013d3f6806f}]
Auto\command- G:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca27b111-8209-11dc-9ef6-0013d3f6806f}]
Auto\command- G:\SVCH.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SVCH.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb891d1e-814b-11dc-9de3-0013d3f6806f}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe .MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8ce72b7-8790-11dc-895c-0013d3f6806f}]
AutoPlay\command- wscript.exe \len.js
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe \len.js
Explore\command- wscript.exe \len.js -Clicked
Open\command- wscript.exe \len.js




-- End of Deckard's System Scanner: finished at 2007-11-15 12:51:55 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Sempron(tm) Processor 2500+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 1023.48 MiB / 578.49 MiB
Pagefile Memory (total/avail): 2460.59 MiB / 2124.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1914.96 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 39.06 GiB total, 28.19 GiB free.
D: is Fixed (NTFS) - 39.06 GiB total, 0.92 GiB free.
E: is Fixed (NTFS) - 36.36 GiB total, 6.15 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - MAX - 114.49 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 75.42 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntivirusOverride is set.

AV: Kaspersky Anti-Virus 6.0 v6.0.0.300 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares p2p for windows"
"E:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe"="E:\\Program Files\\Wizet\\MapleStory\\MapleStory.exe:*:Enabled:MapleStory"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Advance Computer\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=UTAMA2
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Advance Computer
LOGONSERVER=\\UTAMA2
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADVANC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADVANC~1\LOCALS~1\Temp
USERDOMAIN=UTAMA2
USERNAME=Advance Computer
USERPROFILE=C:\Documents and Settings\Advance Computer
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Advance Computer (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Illustrator 10 --> "C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe PageMaker 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\PageMaker 7.0\Uninst.isu" -c"C:\Program Files\Adobe\PageMaker 7.0\Uninst.dll"
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Big Island Blends --> "C:\Program Files\Big Island Blends\ReflexiveArcade\unins000.exe"
Cheat Engine 5.3 --> "C:\Program Files\Cheat Engine\unins000.exe"
Free Download Manager 2.5 --> "C:\Program Files\Free Download Manager\unins000.exe"
getPlus(R)_ocx --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Downloads\HijackThis.exe" /uninstall
Image Icon Converter 1.3 --> "C:\Program Files\Image Icon Converter\unins000.exe"
Information Center --> "C:\Program Files\Video Add-on\icun.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
MapleStory --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{80EAC1F5-3067-4E57-A09F-3AF728C59FE5}\setup.exe" -l0x9 -removeonly
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Script 5.7 --> "C:\WINDOWS\$NtUninstallscripten$\spuninst\spuninst.exe"
Modem Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B840B57-B667-11D5-80AA-0000B494D9A6}\Setup.exe" -l0x9
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 3.68 --> MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
Nero 7 Essentials --> MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Vinyl Audio Codecs Driver Setup Program --> RunDll32.exe UnAudioNT.dll,UninstallAudio C:\WINDOWS\IsUninst.exe -y-f"C:\PROGRA~1\VIAudioi\SBASetup\Uninst.isu"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Safety Alert --> C:\Documents and Settings\Advance Computer\Local Settings\Temp\laf1.exe /del
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type522 / Error
Event Submitted/Written: 11/12/2007 10:12:03 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e5a.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type521 / Error
Event Submitted/Written: 11/12/2007 11:39:29 AM
Event ID/Source: 2001 / Microsoft Office 11
Event Description:
Rejected Safe Mode action : Microsoft Office Word.

Event Record #/Type485 / Error
Event Submitted/Written: 11/09/2007 05:50:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type479 / Error
Event Submitted/Written: 11/09/2007 05:39:26 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type478 / Error
Event Submitted/Written: 11/09/2007 05:36:06 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application EXCEL.EXE, version 11.0.5612.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2945 / Warning
Event Submitted/Written: 11/15/2007 11:52:09 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2940 / Warning
Event Submitted/Written: 11/15/2007 11:38:26 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2917 / Warning
Event Submitted/Written: 11/14/2007 09:24:56 PM
Event ID/Source: 20 / Print
Event Description:
Printer Driver HP LaserJet 1100 for Windows NT x86 Version-3 was added or updated. Files:- HPBF201G.DLL, HPBF201E.DLL, HPBF201I.PMD, HPBF201I.HLP, HPBF201F.DLL, HPBF201H.DLL, HPBF201I.DLL, HPBF201J.DLL, HPBF201K.DLL, HPBAFD32.DLL, HPBFTM32.DLL, HPDCMON.DLL.

Event Record #/Type2908 / Warning
Event Submitted/Written: 11/14/2007 08:02:14 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type2882 / Warning
Event Submitted/Written: 11/14/2007 07:47:03 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.



-- End of Deckard's System Scanner: finished at 2007-11-15 12:51:55 ------------
 

#3 ·
Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad, as this webpage will not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

If you still require assistance with this issue, please do this:

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------
 