 Windows Error Bbccode: 1000008e |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Jul 12 2008, 06:17 PM
Post
#1
|
|
|
Member  Group: Members Posts: 16 Joined: 12-July 08 Member No.: 222,114  |
I was removing some tracking cookies from my computer then I had a cookie in the recycling bin and could not delete it. I restarted my computer and about 30 seconds after windows boots up I start getting 'This system has recovered from a serious error.' I sent my error report and closed it and the exact same error popped up. and does everytime I close it. Error Signature BCCode : 1000008e BCP1 : C0000005 BCP2 : BF0137D7 BCP3 : 9F990C00 BCP4 : 00000000 OSVer : 5_1_2600 SP : 3_0 Product : 768_1 I am running: Windows XP Home Edition Service Pack 3 Intel core 2 duo e8500 @ 3.16 3.17 GHz, 2.00 GB ddr3 since I have been battling spyware lately I have a feeling it may be a virus causing my problem. End of added material. ~ OB Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:21:01 AM, on 7/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe C:\Program Files\Razer\Lachesis\razerhid.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Razer\Lachesis\OSD.exe C:\Program Files\GIGABYTE\GEST\GEST.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\WINDOWS\system32\dumprep.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Razer\Lachesis\razertra.exe C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Razer\Lachesis\razerofa.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\GIGABYTE\GEST\GSvr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\eAcceleration\Station\station_bk.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe C:\WINDOWS\system32\dwwin.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 10291 bytes This post has been edited by Orange Blossom: Jul 12 2008, 08:45 PM |
 |
 
|
|
Jul 23 2008, 06:59 AM
Post
#2
|
|
|
Member Group: Members Posts: 16 Joined: 12-July 08 Member No.: 222,114 |
been a while an no reply, so i thought id give it a little;
Bump. |
|
|
|
|
Aug 3 2008, 02:53 AM
Post
#3
|
|
 Forum Regular Group: HJT Team Posts: 189 Joined: 23-July 06 From: No U-Turn Syndrome Land Member No.: 77,489 |
Hello,
If you still need help, please do the following:
-------------------- 狂风暴雨烈日海啸不曾让我停下,也不曾把我打倒。
|
|
|
|
|
Aug 4 2008, 08:35 PM
Post
#4
|
|
|
Member Group: Members Posts: 16 Joined: 12-July 08 Member No.: 222,114 |
Deckard's System Scanner v20071014.68
Run by Mark on 2008-08-04 21:32:23 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 106: 2008-08-05 01:32:27 UTC - RP106 - Deckard's System Scanner Restore Point 105: 2008-08-04 05:45:35 UTC - RP105 - System Checkpoint 104: 2008-08-03 05:22:22 UTC - RP104 - System Checkpoint 103: 2008-08-02 02:52:41 UTC - RP103 - System Checkpoint 102: 2008-08-01 02:52:11 UTC - RP102 - Software Distribution Service 3.0 -- First Restore Point -- 1: 2008-06-01 04:08:18 UTC - RP1 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Mark.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:33:43 PM, on 8/4/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe C:\Program Files\Razer\Lachesis\razerhid.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Razer\Lachesis\OSD.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe C:\Program Files\GIGABYTE\GEST\GEST.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\eAcceleration\Station\station_bk.exe C:\Program Files\GIGABYTE\GEST\GSvr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Razer\Lachesis\razerofa.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Razer\Lachesis\razertra.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\Paltalk Messenger Interop\interop.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Documents and Settings\Mark\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Mark.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\RunOnce: [StopSignSsSsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 11107 bytes -- File Associations ----------------------------------------------------------- .cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%* .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%* -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R1 asuskbnt (Enhanced Display Driver Helper Service) - c:\windows\system32\drivers\atkkbnt.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Help driver For Keyboard Service.> R3 asusgsb (ASUS Virtual Video Capture Device Driver) - c:\windows\system32\drivers\asusgsb.sys <Not Verified; ASUSTeK Computer Inc.; ASUS Virtual Video Capture Device Driver> R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller> R3 Video3D (ASUS Video3D Service) - c:\windows\system32\drivers\video3d32.sys <Not Verified; ASUSTeK COMPUTER INC.; ASUS Video3D driver> S3 uisp (Freescale USB JW32 driver) - c:\windows\system32\drivers\usbicp.sys <Not Verified; Motorola; > -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (Avira AntiVir Personal – Free Antivirus Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; AntiVir Workstation> R2 ATKKeyboardService (ATK Keyboard Service) - c:\windows\atkkbservice.exe <Not Verified; ASUSTeK COMPUTER INC.; ASUS Keyboard Service> R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour> R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Scheduled Tasks ------------------------------------------------------------- 2008-08-04 01:57:10 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job -- Files created between 2008-07-04 and 2008-08-04 ----------------------------- 2008-07-31 17:54:08 0 d-------- C:\Program Files\Microsoft Speech SDK 5.1 2008-07-19 02:53:19 0 d-------- C:\Program Files\Windows Defender 2008-07-16 00:24:13 0 d-------- C:\Program Files\Karen's Alarm Clock 2008-07-16 00:24:08 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-07-12 19:23:59 0 d-------- C:\WINDOWS\Sun 2008-07-12 19:23:59 0 d-------- C:\Documents and Settings\Mark\Application Data\Sun 2008-07-12 19:23:14 0 d-------- C:\Program Files\Java 2008-07-12 19:22:59 0 d-------- C:\Program Files\Common Files\Java 2008-07-12 10:17:27 0 d-------- C:\Program Files\Trend Micro 2008-07-10 23:45:37 0 d-------- C:\Program Files\Lavasoft 2008-07-10 23:45:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-09 20:10:23 0 d-------- C:\Documents and Settings\Mark\DoctorWeb <DOCTOR~1> 2008-07-09 19:56:22 0 dr------- C:\Documents and Settings\LocalService\My Documents <MYDOCU~1> 2008-07-09 19:55:12 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe 2008-07-09 19:54:47 0 d-------- C:\Program Files\Acceleration Software 2008-07-09 19:53:33 0 d-------- C:\Documents and Settings\Mark\Application Data\eAcceleration 2008-07-09 19:51:29 0 d-------- C:\Documents and Settings\All Users\Application Data\eAcceleration 2008-07-09 19:51:26 0 d-------- C:\Program Files\eAcceleration 2008-07-09 19:50:45 0 d-------- C:\Program Files\Common Files\eAcceleration 2008-07-08 21:21:25 0 d--h----- C:\$AVG8.VAULT$ 2008-07-08 14:29:06 0 d-------- C:\Program Files\Avira 2008-07-08 14:29:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-07-08 14:08:42 0 d-------- C:\Program Files\Common Files\PC Tools 2008-07-08 14:08:37 0 d-------- C:\Program Files\Spyware Doctor 2008-07-08 14:08:37 0 d-------- C:\Documents and Settings\Mark\Application Data\PC Tools 2008-07-08 14:08:37 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Tools 2008-07-06 10:07:23 0 d-------- C:\Program Files\World of Warcraft 2 -- Find3M Report --------------------------------------------------------------- 2008-08-04 21:17:36 0 d-------- C:\Documents and Settings\Mark\Application Data\.gaim 2008-08-04 16:34:43 0 d-------- C:\Program Files\World of Warcraft 2008-08-03 18:20:23 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{0000000A-00000000-00000001-00001102-00000002-80221102}.dat 2008-08-03 18:20:23 24 --a------ C:\WINDOWS\system32\DVCState-{0000000A-00000000-00000001-00001102-00000002-80221102}.dat 2008-07-12 19:22:59 0 d-------- C:\Program Files\Common Files 2008-07-12 10:07:04 0 d-------- C:\Program Files\CoffeeCup Software 2008-07-10 23:44:54 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-07-10 23:38:41 1392 --a------ C:\WINDOWS\mozver.dat 2008-06-29 22:37:58 0 d-------- C:\Program Files\Free FLV Converter 2008-06-28 03:00:22 0 d-------- C:\Program Files\MSXML 4.0 2008-06-27 22:14:40 0 d-------- C:\Program Files\Proletary 2008-06-27 17:24:10 0 d-------- C:\Program Files\Speed Video to Audio Converter 2008-06-27 17:00:52 0 d-------- C:\Documents and Settings\Mark\Application Data\Nero 2008-06-27 17:00:20 0 d-------- C:\Program Files\Common Files\Nero 2008-06-27 16:59:13 0 d-------- C:\Program Files\Nero 2008-06-24 20:00:34 0 d-------- C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD 2008-06-24 20:00:27 0 d-------- C:\Program Files\Instant CD & DVD Burner 2008-06-24 20:00:11 0 d-------- C:\Program Files\Total Audio Capture 2008-06-24 19:55:56 0 --a------ C:\Documents and Settings\Mark\Application Data\AVSDVDPlayer.m3u 2008-06-24 19:20:34 0 d-------- C:\Program Files\NCH Software 2008-06-22 11:24:37 0 d-------- C:\Program Files\Winamp 2008-06-17 13:15:58 0 d-------- C:\Documents and Settings\Mark\Application Data\Adobe 2008-06-17 13:00:05 0 d-------- C:\Program Files\Common Files\Control Panels 2008-06-17 12:59:57 0 d-------- C:\Program Files\Common Files\Adobe 2008-06-17 12:49:18 0 d-------- C:\Program Files\QuickTime 2008-06-17 01:33:00 0 d-------- C:\Documents and Settings\Mark\Application Data\Winamp 2008-06-14 09:55:57 12 --a------ C:\WINDOWS\TACMMRmm.dat 2008-06-14 09:44:18 0 d-------- C:\Program Files\MagicSofts 2008-06-14 02:30:13 0 d-------- C:\Program Files\Dynamic HTML Editor 2008-06-13 01:00:08 225280 --a------ C:\WINDOWS\system32\TubeFinder.exe <Not Verified; Koyote Soft; Tube Finder> 2008-06-11 19:03:31 0 d-------- C:\Documents and Settings\Mark\Application Data\WinRAR 2008-06-11 19:03:03 0 d-------- C:\Program Files\The Extractor 2008-06-11 19:02:56 737280 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module> 2008-06-10 15:46:58 0 d-------- C:\Program Files\AVS4YOU 2008-06-10 15:46:57 0 d-------- C:\Program Files\Common Files\AVSMedia 2008-06-10 15:38:37 0 d-------- C:\Program Files\AdvancedDVDPlayer 2008-06-06 01:08:35 0 d-------- C:\Documents and Settings\Mark\Application Data\Command & Conquer 3 Tiberium Wars 2008-06-06 01:02:08 0 d-------- C:\Program Files\Electronic Arts 2008-06-05 13:29:01 0 d-------- C:\Program Files\PerformanceTest 2008-06-05 13:26:17 0 d-------- C:\Program Files\DAEMON Tools Lite 2008-06-05 13:24:40 0 d-------- C:\Documents and Settings\Mark\Application Data\DAEMON Tools 2008-06-04 18:42:54 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows> 2008-06-04 18:42:54 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic> 2008-06-04 18:42:54 9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip> 2008-06-04 18:42:54 141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL> 2008-06-04 18:42:54 32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG> 2008-06-04 01:46:36 0 d-------- C:\Program Files\BitComet 2008-06-04 01:29:11 0 d-------- C:\Program Files\DivX 2008-06-04 00:49:54 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper> 2008-06-02 17:29:08 0 --a------ C:\WINDOWS\nsreg.dat 2008-06-01 21:07:55 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-06-01 04:23:25 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program> 2008-06-01 00:48:13 664 --a------ C:\WINDOWS\system32\d3d9caps.dat 2008-06-01 00:48:11 552 --a------ C:\WINDOWS\system32\d3d8caps.dat 2008-06-01 00:04:25 0 -rahs---- C:\MSDOS.SYS 2008-06-01 00:04:25 0 -rahs---- C:\IO.SYS 2008-06-01 00:04:25 0 --a------ C:\CONFIG.SYS 2008-06-01 00:04:25 0 --a------ C:\AUTOEXEC.BAT 2008-06-01 00:02:20 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Lachesis"="C:\Program Files\Razer\Lachesis\razerhid.exe" [09/12/2007 11:52 AM] "GEST"="C:\Program Files\GIGABYTE\GEST\RUN.exe" [12/14/2007 11:46 AM] "RTHDCPL"="RTHDCPL.EXE" [02/13/2008 02:31 AM C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [05/03/2005 06:43 AM C:\WINDOWS\Alcmtr.exe] "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [03/20/2007 02:36 AM] "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [08/29/2007 04:55 AM] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [01/21/2008 12:17 PM] "ASUSGamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [03/21/2008 10:52 AM] "WINDVDPatch"="CTHELPER.EXE" [07/02/2002 05:56 PM C:\WINDOWS\system32\CTHELPER.EXE] "UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 01:00 AM] "Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 01:00 AM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM] "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [01/11/2008 07:54 PM] "@"="" [] "Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM] "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 03:57 PM] "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [08/08/2007 09:25 AM] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [07/17/2008 02:36 PM] "SoftwareStation"="C:\Program Files\eAcceleration\Station\station.exe" [04/15/2008 07:30 PM] "StopSignSsTsMon"="C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll" [04/21/2008 01:20 PM] "StopSignSsSsMon"="C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll" [04/21/2008 01:20 PM] "webscan"="C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" [05/14/2008 07:06 PM] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 07:20 PM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [04/01/2008 05:39 AM] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [08/03/2007 12:51 PM] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [02/28/2007 11:06 PM] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 08:00 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce] "StopSignSsSsMon"=Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus /ro [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] C:\WINDOWS\System32\dimsntfy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] eapsvcs eaphost dot3svc dot3svc HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs napagent hkmsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ab1768c-37e7-11dd-b617-001a701369b2}] AutoRun\command- F:\Setup.exe -- End of Deckard's System Scanner: finished at 2008-08-04 21:34:10 ------------ This post has been edited by Valdr: Aug 4 2008, 08:36 PM |
|
|
|
|
Aug 4 2008, 08:37 PM
Post
#5
|
|
|
Member Group: Members Posts: 16 Joined: 12-July 08 Member No.: 222,114 |
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 3.0 Architecture: X86; Language: English CPU 0: Intel Pentium III Xeon processor Percentage of Memory in Use: 35% Physical Memory (total/avail): 2046.42 MiB / 1329.76 MiB Pagefile Memory (total/avail): 3938.5 MiB / 3219.19 MiB Virtual Memory (total/avail): 2047.88 MiB / 1925.07 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 139.73 GiB total, 39.36 GiB free. D: is CDROM (No Media) E: is CDROM (No Media) F: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - WDC WD1500ADFD-00NLR5 - 139.73 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 139.73 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Mark\Application Data CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=MARK-6B578C053F ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Mark LOGONSERVER=\\MARK-6B578C053F NUMBER_OF_PROCESSORS=2 OS=Windows_NT Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 23 Stepping 6, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=1706 ProgramFiles=C:\Program Files PROMPT=$P$G SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Mark\LOCALS~1\Temp TMP=C:\DOCUME~1\Mark\LOCALS~1\Temp USERDOMAIN=MARK-6B578C053F USERNAME=Mark USERPROFILE=C:\Documents and Settings\Mark windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Mark (admin) -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Acceleration Software\Anti-Virus\ws_uninst.exe" -s --> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S --> "C:\Program Files\eAcceleration\Station\station.exe" /UnRegister --> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll --> C:\PROGRA~1\ACCELE~1\ANTI-V~1\regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll --> C:\PROGRA~1\COMMON~1\EACCEL~1\SysSnap\syssnap.exe -UnregServer --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL --> C:\WINDOWS\UNRecode.exe /UNINSTALL --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Add or Remove Adobe Creative Suite 3 Master Collection --> C:\Program Files\Common Files\Adobe\Installers\4dcfd9b7e901b57f81f667144603236\Setup.exe Adobe Acrobat 8.1.2 Security Update 1 (KB403742) --> Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661} Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285} Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3 --> MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9} Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8} Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5} Adobe Contribute CS3 --> MsiExec.exe /I{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7} Adobe Creative Suite 3 Master Collection --> MsiExec.exe /I{8718DC03-D066-4957-94E5-50C3C5042E8E} Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3 --> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25} Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE} Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931} Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Fireworks CS3 --> MsiExec.exe /I{7DFC1012-D346-46CE-B03E-FF79125AE029} Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589} Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2} Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3} Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A} Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD} Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E} Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05} Adobe Premiere Pro CS3 --> C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A} Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA} Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Reader 8.1.2 Security Update 1 (KB403742) --> Adobe Setup --> MsiExec.exe /I{4458C442-7376-4CF9-AF58-E8CEA6722363} Adobe Setup --> MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244} Adobe SING CS3 --> MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2} Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9} Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8} Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312} Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe Version Cue CS3 Server --> MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963} Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC} Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F} Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1} AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} America's Army --> MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16} ASUS Gamer OSD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0 ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avira AntiVir Personal - Free Antivirus --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AVS DVD Player version 2.4 --> "C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe" AVS4YOU Software Navigator 1.2 --> "C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" BitComet 1.02 --> C:\Program Files\BitComet\uninst.exe Catalyst Control Center - Branding --> MsiExec.exe /I{4893A35F-0A23-48EC-8E74-24969244D6F2} Command & Conquer 3 --> MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32} Company of Heroes --> "C:\Program Files\THQ\Company of Heroes\Uninstall_English.exe" Company of Heroes - FAKEMSI --> MsiExec.exe /I{14574B7F-75D1-4718-B7F2-EBF6E2862A35} Company of Heroes - FAKEMSI --> MsiExec.exe /I{199E6632-EB28-4F73-AECB-3E192EB92D18} Company of Heroes - FAKEMSI --> MsiExec.exe /I{25724802-CC14-4B90-9F3B-3D6955EE27B1} Company of Heroes - FAKEMSI --> MsiExec.exe /I{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D} Company of Heroes - FAKEMSI --> MsiExec.exe /I{50193078-F553-4EBA-AA77-64C9FAA12F98} Company of Heroes - FAKEMSI --> MsiExec.exe /I{51D718D1-DA81-4FAD-919F-5C1CE3C33379} Company of Heroes - FAKEMSI --> MsiExec.exe /I{66F78C51-D108-4F0C-A93C-1CBE74CE338F} Company of Heroes - FAKEMSI --> MsiExec.exe /I{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3} Company of Heroes - FAKEMSI --> MsiExec.exe /I{80D03817-7943-4839-8E96-B9F924C5E67D} Company of Heroes - FAKEMSI --> MsiExec.exe /I{97E5205F-EA4F-438F-B211-F1846419F1C1} Company of Heroes - FAKEMSI --> MsiExec.exe /I{99A7722D-9ACB-43F3-A222-ABC7133F159E} Company of Heroes - FAKEMSI --> MsiExec.exe /I{BA801B94-C28D-46EE-B806-E1E021A3D519} Company of Heroes - FAKEMSI --> MsiExec.exe /I{D4D244D1-05E0-4D24-86A2-B2433C435671} Company of Heroes - FAKEMSI --> MsiExec.exe /I{EAF636A9-F664-4703-A659-85A894DA264F} Default --> MsiExec.exe /I{7CC3EAD0-1F27-49F0-8DAA-8D8B8E772D6D} DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Dynamic Energy Saver 1.0 B8.0128.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}\setup.exe" -l0x9 -removeonly Dynamic HTML Editor 1.9 --> "C:\Program Files\Dynamic HTML Editor\unins000.exe" Free FLV Converter V 5.0 --> "C:\Program Files\Free FLV Converter\unins000.exe" Gigabyte Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\SETUP.EXE" -l0x9 -removeonly HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Karen's Alarm Clock --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Karen's Alarm Clock\ST6UNST.LOG" Magic ISO Maker v5.4 (build 0255) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG MagicDisc 2.7.97 --> C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG Microsoft Speech SDK 5.1 --> MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1} Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.16) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033} Paltalk Messenger Interop --> "C:\Program Files\Paltalk Messenger Interop\uninstall.exe" PaltalkScene --> "C:\WINDOWS\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml" PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5} PerformanceTest v6.1 --> "C:\Program Files\PerformanceTest\unins000.exe" Razer Lachesis --> C:\Program Files\InstallShield Installation Information\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}\Setup.exe -runfromtemp -l0x0009 -removeonly REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE -runfromtemp -l0x0009 -removeonly Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly Sound Blaster Live! Web 2K/XP --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}\Setup.exe" -l0x9 SoundCapture --> C:\PROGRA~1\MAGICS~1\SC\UNWISE.EXE C:\PROGRA~1\MAGICS~1\SC\INSTALL.LOG Speed Video to Audio Converter 1.0.1 --> "C:\Program Files\Speed Video to Audio Converter\unins000.exe" Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG The Extractor --> C:\WINDOWS\iun6002.exe "C:\Program Files\The Extractor\irunin.ini" Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F} Winamp --> "C:\Program Files\Winamp\UninstWA.exe" Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Driver Package - MOTOROLA (uisp) USB (09/08/2006 1.2.0.0) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\usbicp_148F9D51ADD758FCD4B68B61FF903F813AA2083E\usbicp.inf Windows Driver Package - Razer (HidUsb) HIDClass (05/10/2007 1.00) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\lachesis_5474F75C461E8F731AF2FF7FF70E79E8AC52C56D\lachesis.inf World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf YouConvert Classic --> "C:\Program Files\Proletary\YouConvert Classic\unins000.exe" -- Application Event Log ------------------------------------------------------- Event Record #/Type1125 / Error Event Submitted/Written: 08/04/2008 09:13:12 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application wow.exe, version 2.4.3.8606, faulting module , version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [wow.exe!ws!] Event Record #/Type1124 / Warning Event Submitted/Written: 08/04/2008 02:38:27 AM Event ID/Source: 4113 / Avira AntiVir Event Description: HEUR/HTML.MalwareC:\Documents and Settings\Mark\Local Settings\Temp\spy_Integrated_Search_Technologies_ISTBar.cnr.tmp Event Record #/Type1122 / Warning Event Submitted/Written: 08/03/2008 06:21:40 PM Event ID/Source: 1015 / EvntAgnt Event Description: TraceLevel parameter not located in registry; Default trace level used is 32. Event Record #/Type1121 / Warning Event Submitted/Written: 08/03/2008 06:21:40 PM Event ID/Source: 1003 / EvntAgnt Event Description: TraceFileName parameter not located in registry; Default trace file used is . Event Record #/Type1113 / Warning Event Submitted/Written: 08/03/2008 06:20:16 PM Event ID/Source: 1524 / Userenv Event Description: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type5054 / Warning Event Submitted/Written: 08/04/2008 09:33:55 PM Event ID/Source: 3004 / WinDefend Event Description: %MARK-6B578C053F27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MARK-6B578C053F27 can't undo changes that you allow. For more information please see the following: %MARK-6B578C053F275 Scan ID: {C08288D7-F6DF-4988-A81B-EAE3823F6BA4} User: MARK-6B578C053F\Mark Name: %MARK-6B578C053F271 ID: %MARK-6B578C053F272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MARK-6B578C053F276 Alert Type: %MARK-6B578C053F278 Detection Type: 1.1.1593.02 Event Record #/Type5053 / Warning Event Submitted/Written: 08/04/2008 09:33:55 PM Event ID/Source: 3004 / WinDefend Event Description: %MARK-6B578C053F27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MARK-6B578C053F27 can't undo changes that you allow. For more information please see the following: %MARK-6B578C053F275 Scan ID: {1C61699D-B4BF-42A3-A5C2-E493B80A1227} User: MARK-6B578C053F\Mark Name: %MARK-6B578C053F271 ID: %MARK-6B578C053F272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MARK-6B578C053F276 Alert Type: %MARK-6B578C053F278 Detection Type: 1.1.1593.02 Event Record #/Type5052 / Warning Event Submitted/Written: 08/04/2008 09:33:55 PM Event ID/Source: 3004 / WinDefend Event Description: %MARK-6B578C053F27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MARK-6B578C053F27 can't undo changes that you allow. For more information please see the following: %MARK-6B578C053F275 Scan ID: {57DF2085-EB3D-4C30-B1A4-442410ED95BF} User: MARK-6B578C053F\Mark Name: %MARK-6B578C053F271 ID: %MARK-6B578C053F272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MARK-6B578C053F276 Alert Type: %MARK-6B578C053F278 Detection Type: 1.1.1593.02 Event Record #/Type5051 / Warning Event Submitted/Written: 08/04/2008 09:33:52 PM Event ID/Source: 3004 / WinDefend Event Description: %MARK-6B578C053F27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MARK-6B578C053F27 can't undo changes that you allow. For more information please see the following: %MARK-6B578C053F275 Scan ID: {942C62B7-7217-4866-87AE-49CDD40D7146} User: MARK-6B578C053F\Mark Name: %MARK-6B578C053F271 ID: %MARK-6B578C053F272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MARK-6B578C053F276 Alert Type: %MARK-6B578C053F278 Detection Type: 1.1.1593.02 Event Record #/Type5050 / Warning Event Submitted/Written: 08/04/2008 09:33:52 PM Event ID/Source: 3004 / WinDefend Event Description: %MARK-6B578C053F27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %MARK-6B578C053F27 can't undo changes that you allow. For more information please see the following: %MARK-6B578C053F275 Scan ID: {F32667D3-EC6A-4889-A02D-422C80BC8F94} User: MARK-6B578C053F\Mark Name: %MARK-6B578C053F271 ID: %MARK-6B578C053F272 Severity: 1.1.1593.05 Category: 1.1.1593.06 Path Found: %MARK-6B578C053F276 Alert Type: %MARK-6B578C053F278 Detection Type: 1.1.1593.02 -- End of Deckard's System Scanner: finished at 2008-08-04 21:34:10 ------------ |
|
|
|
|
Aug 5 2008, 07:35 PM
Post
#6
|
|
|
Forum Regular Group: HJT Team Posts: 189 Joined: 23-July 06 From: No U-Turn Syndrome Land Member No.: 77,489 |
Hello,
BitComet is installed on your computer. While BitComet is a clean P2P program, there's no guarantee that the files downloaded are. Please refrain from using it while cleaning your computer to prevent getting more infections. A list of clean and infected P2P programs can be found at Malware Removal and Spyware Info. The risks of using a P2P program are stated in this Sourceforge website and Information Week article. Please uninstall this program by doing the following: eAcceleration Click on Start > Run. Copy and paste in "C:\Program Files\eAcceleration\Station\station.exe" /UnRegister Press Enter. Follow the on-screen instructions, if any. Repeat for the following: regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\ssupload.dll regsvr32.exe /u /s C:\PROGRA~1\ACCELE~1\ANTI-V~1\vclnr.dll "C:\Program Files\Acceleration Software\Anti-Virus\ws_uninst.exe" -s QUOTE Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static Did you set the above yourself? -------------------- 狂风暴雨烈日海啸不曾让我停下,也不曾把我打倒。
|
|
|
|
|
Aug 6 2008, 10:39 AM
Post
#7
|
|
|
Member Group: Members Posts: 16 Joined: 12-July 08 Member No.: 222,114 |
I have done as your post has asked aside from BitComet (and yes I understand my decision about that) I have not used it since my infections started.
as far as your question if I set something myself... I'm not even sure what setting your talking about; so I probably didn't this morning I did a scan and found 'VBS.Psyme.377' I searched online but was unable to find hardly any info on removal. symantec seems to have changed their site so I couldn't even find it. and trend micro has nothing on it. This post has been edited by Valdr: Aug 6 2008, 10:40 AM |
|
|