ajmal's HJT log



#1 ajmal


Posted 07 August 2007 - 07:49 AM

Mod Edit: This log was split, from this thread:
Computer Keeps Rebooting Can You Help Me Please


sry took so long for me to reply having internet problems but here is the hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:07, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\AOL\1185626332\ee\AOLSoftware.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.0\aoltray.exe
c:\program files\common files\aol\1185626332\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1185626332\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=eng
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1185626332\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1185625414906
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E774B1D-B90F-43AE-B136-BAF2A57F943F}: NameServer = 205.188.146.145
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 8675 bytes

Edited by tg1911, 07 August 2007 - 09:21 AM.



#2 Papakid

  • Malware Response Team

Posted 13 August 2007 - 10:16 AM

Hi ajmal,

Sorry for the delay. I really don't think this is a malware problem as nothing shows up in your log. It's still possible there is a rootkit causing the bsod's, so let's run a couple of scans to rule that in or out.

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  • Close all applications and windows.
  • Double-click on dss.exe to run it, and follow the prompts. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.

Please run a GMER Rootkit scan:

Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it to the desktop and start GMER.exe
Click the Rootkit tab.
Make sure the "Show all" checkbox is unchecked and leave it that way.
Click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results here in your next reply.

If you're having problems with running GMER.exe, try it in safe mode. This tool works in safe mode. Most other rootkit revealers don't.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#3 ajmal


Posted 14 August 2007 - 09:12 PM

i had to restore my computer to its original settings as it came from the factory this morning as i was doing the scan.... so will this mean i need to post another hjt log after i hav installed all of windows updates

also i thought it might be helpful if i wrote down the error when i was told to restore my system to how it was when i got it it was \WINDOWSZSYSTEM32\CONFIG\SYSTEM was either missing or damaged i hope this helps and if i need another hjt log tell me asap n il get bak 2 u wen i can thnx

#4 Papakid

  • Malware Response Team

Posted 15 August 2007 - 12:43 AM

Sorry to hear this. That message means your registry got corrupted and couldn't be read. Reinstalling Windows is about all you can do then that is anywhere like easy.

Did you reformat before installing Windows? If so there would really be no need for a new log--any malware problems should be gone. If you just installed Windows again without a reformat first you are welcome to post a log. But your problems sound more like a hardware issue. If something like your hard drive or motherboard, etc. is going out then you may have this happen again til you find out what the cause is.

Could you tell me what happened exactly? Which scan were you running? Did your computer shut down on you while scanning?


#5 ajmal


Posted 15 August 2007 - 08:03 AM

2 be honest i doubt it was the scan that caused this its happened like every 2 months or so since i had the computer so it may be a hardware problem as you said but yeh i think itl b best if i do post a hjt log because im still quite new to computers n i dnt wana make it worse then it is

an on the reformat issue i wasnt given a copy of windows wen i got the computer but i got a disk which restores it to how it was from the factory with windows installed so what does tht mean??

Edited by ajmal, 15 August 2007 - 08:04 AM.


#6 Papakid

  • Malware Response Team

Posted 15 August 2007 - 09:38 AM

What that means is that you probably have restore disks rather than a standard Windows CD. This is common now with computers that are what I call pre-built--those you get from a major manufacturer as opposed to one you build yourself. It has to do with licensing of Windows, you sort of share your license with the manufacturer. How that works can get pretty involved to explain, but for now it does answer the question--restore CD's will usually reformat then reinstall Windows and all the drivers that are on that computer.

So a HijackThis log by itself probably won't help you with the underlying problem. Is this a relatively new PC? Can you post back the make and model number? I suspect you may have a lemon--the computer came with a bad part/hardware and if it is still under warranty it would be best to send it back. If it is used or that is otherwise not an option, your best bet is to post about this in the Windows XP Home and Professional or Hardware forums. The HijackThis forum is mainly here for malware removal.

We can, however, gather some more information that you can link to so an overall diagnosis can be easier. So go ahead and run DSS and post that log here. I don't think you need GMER at this point, maybe later.


#7 ajmal


Posted 20 August 2007 - 09:20 AM

sry i took so long to reply but ive been having the system problem a lot more frequently thus not being able to get online i hope my comp will b ok long enuf 4 me to do this scan if so i shall post the dss log sometime 2day

#8 ajmal


Posted 20 August 2007 - 10:12 AM

DSS Main Scan

Deckard's System Scanner v20070819.64
Run by Ajmal on 2007-08-20 16:04:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
28: 2007-08-20 15:04:42 UTC - RP28 - Deckard's System Scanner Restore Point
27: 2007-08-20 14:56:24 UTC - RP27 - Installed Windows XP KB810243.
26: 2007-08-20 14:55:12 UTC - RP26 - Installed Windows XP Q327979.
25: 2007-08-20 14:53:05 UTC - RP25 - Installed Windows XP Q322011.
24: 2007-08-20 14:52:33 UTC - RP24 - Installed Windows XP Q814995.


-- First Restore Point --
1: 2007-08-18 00:36:43 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-20 16:05:49
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.00.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Personal Firewall\MpfAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Documents and Settings\Ajmal.RUFRYDA\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiny.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiny.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187400419875
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...9314.3075925926
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\McAfee.com\Personal Firewall\MpfService.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsvsd - c:\windows\system32\drivers\cdrbsvsd.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 MPFIREWL - c:\windows\system32\drivers\mpfirewall.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S3 GMSIPCI - e:\install\gmsipci.sys (file missing)
S3 Vsp - c:\windows\system32\drivers\vsp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - c:\program files\lavasoft\ad-aware 2007\aawservice.exe <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2007-07-20 and 2007-08-20 -----------------------------

2007-08-20 15:56:45 0 d-------- C:\WINDOWS\System32\URTTemp
2007-08-20 15:51:52 0 d-------- C:\WINDOWS\PeerNet
2007-08-20 15:32:58 171280 --a------ C:\WINDOWS\System32\jit.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:58 139536 --a------ C:\WINDOWS\System32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:58 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:58 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-08-20 15:32:57 313856 --a------ C:\WINDOWS\System32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft® DirectX for Java>
2007-08-20 15:32:54 113 --a------ C:\WINDOWS\System32\zonedon.reg
2007-08-20 15:32:54 113 --a------ C:\WINDOWS\System32\zonedoff.reg
2007-08-20 15:32:54 171792 --a------ C:\WINDOWS\System32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:54 286992 --a------ C:\WINDOWS\System32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:54 21264 --a------ C:\WINDOWS\System32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:53 947472 --a------ C:\WINDOWS\System32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:53 154384 --a------ C:\WINDOWS\System32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:53 172304 --a------ C:\WINDOWS\System32\jview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:53 15120 --a------ C:\WINDOWS\System32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:52 404752 --a------ C:\WINDOWS\System32\javart.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:52 63248 --a------ C:\WINDOWS\System32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:52 187152 --a------ C:\WINDOWS\System32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:32:51 49424 --a------ C:\WINDOWS\System32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® Operating System>
2007-08-20 15:25:57 0 d-------- C:\WUTemp
2007-08-20 14:33:09 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\Contacts
2007-08-19 16:49:28 0 d-------- C:\WINDOWS\.jagex_cache_32
2007-08-18 03:30:22 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\Application Data\McAfee.com Personal Firewall
2007-08-18 03:28:34 0 d--hs---- C:\FOUND.002
2007-08-18 02:57:29 0 d-------- C:\Program Files\Guild Wars
2007-08-18 02:52:02 0 d-------- C:\Program Files\Lavasoft
2007-08-18 02:52:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-18 02:51:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-18 02:47:29 0 d-------- C:\WINDOWS\System32\bits
2007-08-18 02:46:42 0 d---s---- C:\Documents and Settings\Ajmal.RUFRYDA\UserData
2007-08-18 02:45:38 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\Application Data\Macromedia
2007-08-18 02:42:36 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\Application Data\teamspeak2
2007-08-18 02:41:51 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-18 02:37:38 0 d--h----- C:\Documents and Settings\Ajmal.RUFRYDA\NetHood
2007-08-18 02:37:38 0 dr------- C:\Documents and Settings\Ajmal.RUFRYDA\Favorites
2007-08-18 02:37:38 0 dr------- C:\Documents and Settings\Ajmal.RUFRYDA\Desktop
2007-08-18 02:37:38 0 d---s---- C:\Documents and Settings\Ajmal.RUFRYDA\Cookies
2007-08-18 02:37:38 0 dr-h----- C:\Documents and Settings\Ajmal.RUFRYDA\Application Data
2007-08-18 02:37:38 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\Application Data\Identities
2007-08-18 02:37:38 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\Application Data\Cyberlink
2007-08-18 02:37:37 0 d-------- C:\Documents and Settings\Ajmal.RUFRYDA\WINDOWS
2007-08-18 02:37:37 0 d--h----- C:\Documents and Settings\Ajmal.RUFRYDA\Templates
2007-08-18 02:37:37 0 dr------- C:\Documents and Settings\Ajmal.RUFRYDA\Start Menu
2007-08-18 02:37:37 0 dr-h----- C:\Documents and Settings\Ajmal.RUFRYDA\SendTo
2007-08-18 02:37:37 0 dr-h----- C:\Documents and Settings\Ajmal.RUFRYDA\Recent
2007-08-18 02:37:37 0 d--h----- C:\Documents and Settings\Ajmal.RUFRYDA\PrintHood
2007-08-18 02:37:37 1835008 --ah----- C:\Documents and Settings\Ajmal.RUFRYDA\NTUSER.DAT
2007-08-18 02:37:37 0 dr------- C:\Documents and Settings\Ajmal.RUFRYDA\My Documents
2007-08-18 02:37:37 0 d--h----- C:\Documents and Settings\Ajmal.RUFRYDA\Local Settings
2007-08-18 02:37:34 1835008 --ah----- C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT
2007-08-18 02:37:34 0 d--h----- C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings
2007-08-18 02:37:34 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies
2007-08-18 02:37:34 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data
2007-08-18 02:37:34 0 d---s---- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft
2007-08-18 02:37:32 1835008 --ah----- C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT
2007-08-18 02:37:32 0 d--h----- C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings
2007-08-18 02:37:32 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Cookies
2007-08-18 02:37:32 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data
2007-08-18 02:37:32 0 d---s---- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft
2007-08-18 02:36:46 0 d--hs---- C:\FOUND.001
2007-08-18 02:34:35 32768 -----n--- C:\Documents and Settings\Ajmal\Contacts
2007-08-18 02:33:47 0 d-------- C:\WINDOWS\System32\DRVSTORE
2007-08-18 02:33:37 0 d-------- C:\Program Files\MSN Messenger
2007-08-18 02:33:33 20480 --a------ C:\WINDOWS\System32\MpfApi.dll
2007-08-18 02:33:33 55936 --a------ C:\WINDOWS\System32\drivers\MpFirewall.sys
2007-08-18 02:33:28 0 d-------- C:\Program Files\McAfee.com
2007-08-18 02:28:47 0 d-------- C:\Documents and Settings\Ajmal\Application Data\teamspeak2
2007-08-18 02:28:36 0 d-------- C:\Program Files\Teamspeak2_RC2
2007-08-18 02:27:06 0 d-------- C:\WINDOWS\SoftwareDistribution
2007-08-18 02:26:52 0 d---s---- C:\Documents and Settings\Ajmal\UserData
2007-08-18 02:25:57 0 d-------- C:\Documents and Settings\Ajmal\Application Data\Macromedia
2007-08-18 02:25:05 0 d-------- C:\Documents and Settings\Ajmal\Application Data\AOL
2007-08-18 02:24:49 0 d-------- C:\Program Files\Common Files\aolback
2007-08-18 02:24:47 0 d-------- C:\Program Files\AOL Companion
2007-08-18 02:24:43 102400 --a------ C:\WINDOWS\System32\SimpleRegistry.dll <Not Verified; 4Developers LLC; SimpleRegistry Control>
2007-08-18 02:24:43 10752 --a------ C:\WINDOWS\System32\aamd532.dll <Not Verified; Almeida & Andrade Ltda; MD5 Maker DLL>
2007-08-18 02:24:42 368912 --a------ C:\WINDOWS\System32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-08-18 02:24:40 0 d-------- C:\Documents and Settings\Ajmal\Application Data\You've Got Pictures Screensaver
2007-08-18 02:24:39 0 d-------- C:\WINDOWS\occache
2007-08-18 02:24:39 0 d-------- C:\Program Files\Learn2.com
2007-08-18 02:24:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-18 02:24:37 0 d-------- C:\Program Files\Viewpoint
2007-08-18 02:24:31 0 d-------- C:\Program Files\AOL Toolbar
2007-08-18 02:24:27 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-08-18 02:24:22 0 d-------- C:\WINDOWS\System32\QuickTime
2007-08-18 02:24:22 0 d-------- C:\Program Files\QuickTime
2007-08-18 02:24:21 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-08-18 02:24:16 0 d-------- C:\Program Files\Common Files\Nullsoft
2007-08-18 02:24:10 0 d-------- C:\My Music
2007-08-18 02:24:09 8552 --a------ C:\WINDOWS\System32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
2007-08-18 02:24:04 0 d-------- C:\Program Files\Real
2007-08-18 02:24:04 0 d-------- C:\Program Files\Common Files\Real
2007-08-18 02:23:42 1044480 --a------ C:\WINDOWS\System32\roboex32.dll <Not Verified; eHelp Corporation.; RoboHELP for WinHelp 9>
2007-08-18 02:23:42 153088 --a------ C:\WINDOWS\System32\jgdwmie.dll <Not Verified; America Online; JG Decoder>
2007-08-18 02:23:42 54784 --a------ C:\WINDOWS\System32\Inetwh32.dll <Not Verified; Blue Sky Software Corporation.; Blue Sky Software - INETWH32>
2007-08-18 02:23:17 0 d-------- C:\Program Files\Common Files\aolshare
2007-08-18 02:23:14 0 d-------- C:\Program Files\AOL 9.0
2007-08-18 02:23:14 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-08-18 02:22:59 0 d-------- C:\Program Files\Common Files\AOL
2007-08-18 02:22:58 335 --a------ C:\WINDOWS\nsreg.dat
2007-08-18 02:22:51 0 d-------- C:\temp
2007-08-18 02:22:23 36864 --a------ C:\WINDOWS\Restart.exe
2007-08-18 02:22:23 53248 --a------ C:\WINDOWS\AppRun.exe
2007-08-18 02:22:23 0 d-------- C:\Program Files\VoyagerTest
2007-08-18 02:22:23 0 d-------- C:\Program Files\Common Files\FTL Shared
2007-08-18 02:21:52 160951 -----n--- C:\WINDOWS\System32\drivers\gtipdsp_.bin
2007-08-18 02:21:52 12288 -----n--- C:\WINDOWS\System32\CplEng.dll <Not Verified; GlobespanVirata; DSL Status>
2007-08-18 02:21:51 0 d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2007-08-18 02:21:38 0 d-------- C:\Program Files\VoyagerModem105Drivers
2007-08-18 02:19:32 0 d-------- C:\WINDOWS\pss
2007-08-18 02:19:09 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-08-18 01:39:06 0 d--hs---- C:\FOUND.000
2007-08-18 01:37:28 0 d-------- C:\Documents and Settings\Ajmal\WINDOWS
2007-08-18 01:37:28 0 d--h----- C:\Documents and Settings\Ajmal\Templates
2007-08-18 01:37:28 0 dr------- C:\Documents and Settings\Ajmal\Start Menu
2007-08-18 01:37:28 0 dr-h----- C:\Documents and Settings\Ajmal\SendTo
2007-08-18 01:37:28 0 dr-h----- C:\Documents and Settings\Ajmal\Recent
2007-08-18 01:37:28 0 d--h----- C:\Documents and Settings\Ajmal\PrintHood
2007-08-18 01:37:28 1048576 --ah----- C:\Documents and Settings\Ajmal\NTUSER.DAT
2007-08-18 01:37:28 0 d--h----- C:\Documents and Settings\Ajmal\NetHood
2007-08-18 01:37:28 0 dr------- C:\Documents and Settings\Ajmal\My Documents
2007-08-18 01:37:28 0 d--h----- C:\Documents and Settings\Ajmal\Local Settings
2007-08-18 01:37:28 0 dr------- C:\Documents and Settings\Ajmal\Favorites
2007-08-18 01:37:28 0 dr------- C:\Documents and Settings\Ajmal\Desktop
2007-08-18 01:37:28 0 d---s---- C:\Documents and Settings\Ajmal\Cookies
2007-08-18 01:37:28 0 dr-h----- C:\Documents and Settings\Ajmal\Application Data
2007-08-18 01:37:28 0 d---s---- C:\Documents and Settings\Ajmal\Application Data\Microsoft
2007-08-18 01:37:28 0 d-------- C:\Documents and Settings\Ajmal\Application Data\Identities
2007-08-18 01:37:28 0 d-------- C:\Documents and Settings\Ajmal\Application Data\Cyberlink
2007-08-18 01:36:39 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT
2007-08-18 01:36:35 0 d-------- C:\Documents and Settings\Default User\WINDOWS
2007-08-18 01:36:35 0 d-------- C:\Documents and Settings\Default User\Application Data\Cyberlink


-- Find3M Report ---------------------------------------------------------------

Nothing modified in this timespan.


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [06/10/2003 15:16]
"nwiz"="nwiz.exe" [06/10/2003 15:16 C:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="" []
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [29/08/2002 05:00]
"NvMediaCenter"="C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [18/08/2007 02:23:39]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AudioDeck.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk
backup=C:\WINDOWS\pss\AudioDeck.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickTV.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickTV.lnk
backup=C:\WINDOWS\pss\QuickTV.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TeleSA.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TeleSA.lnk
backup=C:\WINDOWS\pss\TeleSA.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\Program Files\SupaDial\SupaDial.exe /A

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SupaDial]
C:\Program Files\SupaDial\SupaDial.exe /A




-- End of Deckard's System Scanner: finished at 2007-08-20 16:06:46 ------------




DSS Extra Scan

Deckard's System Scanner v20070819.64
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Celeron® CPU 2.40GHz
Percentage of Memory in Use: 34%
Physical Memory (total/avail): 511.48 MiB / 335.45 MiB
Pagefile Memory (total/avail): 1251.14 MiB / 1099.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.63 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 109.27 GiB total, 100.8 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Ajmal.RUFRYDA\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RUFRYDA
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Ajmal.RUFRYDA
LOGONSERVER=\\RUFRYDA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0303
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\AJMAL~1.RUF\LOCALS~1\Temp
TMP=C:\DOCUME~1\AJMAL~1.RUF\LOCALS~1\Temp
USERDOMAIN=RUFRYDA
USERNAME=Ajmal
USERPROFILE=C:\Documents and Settings\Ajmal.RUFRYDA
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Ajmal.RUFRYDA (admin)


-- Add/Remove Programs ---------------------------------------------------------

Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Advanced Networking Pack for Windows XP --> C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe
DirectX 9 Hotfix - KB839643 --> C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
Guild Wars --> "C:\Program Files\Guild Wars\Gw.exe" -uninstall
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA


-- Application Event Log -------------------------------------------------------

Event Record #/Type36 / Warning
Event Submitted/Written: 08/20/2007 03:58:21 PM
Event ID/Source: 62 / WinMgmt
Event Description:
WMI ADAP was unable to process the .NET CLR Networking performance library since one of the data blobs reported to have classes but had zero size

Event Record #/Type35 / Warning
Event Submitted/Written: 08/20/2007 03:58:14 PM
Event ID/Source: 62 / WinMgmt
Event Description:
WMI ADAP was unable to process the .NET CLR Data performance library since one of the data blobs reported to have classes but had zero size

Event Record #/Type29 / Warning
Event Submitted/Written: 08/20/2007 03:57:28 PM
Event ID/Source: 1020 / ASP.NET 1.1.4322.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type15 / Warning
Event Submitted/Written: 08/20/2007 02:32:33 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{571700F0-DB9D-4B3A-B03D-35A14BB5939F}', feature 'MsgrFeat' failed during request for component '{C6638736-7004-4E1D-A5BC-30110004EFC5}'

Event Record #/Type14 / Warning
Event Submitted/Written: 08/20/2007 02:32:33 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{571700F0-DB9D-4B3A-B03D-35A14BB5939F}', feature 'MsgrFeat', component '{C31457A1-EC87-4FF9-8C23-FE7BEAFF4B55}' failed. The resource 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MessengerService\Clients\MSN Messenger\MessengerGuid' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type386 / Warning
Event Submitted/Written: 08/20/2007 04:01:18 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0011F511B9D8. The IP address being used is 169.254.121.160.

Event Record #/Type354 / Warning
Event Submitted/Written: 08/20/2007 03:13:48 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0011F511B9D8. The IP address being used is 169.254.121.160.

Event Record #/Type336 / Error
Event Submitted/Written: 08/20/2007 03:13:10 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 bfb547a3, parameter3 f4bb2b14, parameter4 00000000.

Event Record #/Type328 / Warning
Event Submitted/Written: 08/20/2007 02:41:23 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 0011F511B9D8. The IP address being used is 169.254.121.160.

Event Record #/Type312 / Error
Event Submitted/Written: 08/20/2007 02:40:44 PM
Event ID/Source: 1003 / System Error
Event Description:
Error code 1000008e, parameter1 c0000005, parameter2 805e4eff, parameter3 f4a98cd8, parameter4 00000000.



-- End of Deckard's System Scanner: finished at 2007-08-20 16:06:46 ------------

#9 Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • Gender:Male
  • Local time:10:08 AM

Posted 20 August 2007 - 01:03 PM

Hi ajmal,

This is definitely not a malware issue. There are signs that this is an old computer--for one thing it is formatted in FAT32. Your best bet is to start a new topic in the hardware forum linked to above. Then link back to this topic.

When you start the new topic please provide the following information:

1. Make and model of the computer.
2. How old is the computer?
3. Did you upgrade to XP from an earlier version of Windows?

If this is a used computer and you don't know, just give us as much information as possible.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson




