
Help! My Computer Had Been Infected


1 reply to this topic

#1 JeREnK


Posted 09 January 2008 - 01:03 PM

Deckard's System Scanner v20071014.68
Run by Owner on 2008-01-09 22:00:02
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-01-09 14:00:08 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 76% (more than 75%).
Total Physical Memory: 248 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02:52 PM, on 1/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\setrysvc.exe
C:\WINDOWS\System32\semwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon .exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe
C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager .exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IDMan .exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Programs\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {B5303C44-E785-4281-9AA2-F059A38ACFC7} - C:\WINDOWS\system32\awvtr.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" -quiet
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {EDDA7B3F-CA25-4D98-81AC-8BA0E4AE65F6} (dcCertUtils.clsOperation) - https://www.hasil.org.my/efiling/dcCertUtils.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Sony Ericsson Wireless LAN Tray Service (setrysvc) - Unknown owner - C:\WINDOWS\System32\setrysvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4730 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

S1 InCDPass - c:\windows\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\windows\system32\drivers\incdrm.sys (file missing)
S4 InCDFs (InCD File System) - c:\windows\system32\drivers\incdfs.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 AntiVirMailService (AntiVir PersonalEdition Premium MailGuard) - "c:\program files\avira\antivir personaledition premium\avmailc.exe" <Not Verified; Avira GmbH; AntiVir Mail Guard>
R2 AntiVirScheduler (AntiVir PersonalEdition Premium Scheduler) - "c:\program files\avira\antivir personaledition premium\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 AVEService (AntiVir PersonalEdition Premium MailGuard helper service) - "c:\program files\avira\antivir personaledition premium\avesvc.exe" <Not Verified; Avira GmbH; AVE Service>
R2 setrysvc (Sony Ericsson Wireless LAN Tray Service) - c:\windows\system32\setrysvc.exe c:\windows\system32\semwltry.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetLink (TM) Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_00811025&REV_03\4&1D3F0FBB&0&08F0
Manufacturer: Broadcom
Name: Broadcom NetLink (TM) Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_169C&SUBSYS_00811025&REV_03\4&1D3F0FBB&0&08F0
Service: b57w2k

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&1D3F0FBB&0&10F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&1D3F0FBB&0&10F0
Service: w29n51


-- Scheduled Tasks -------------------------------------------------------------

2008-01-04 17:19:19	   376 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-12-09 and 2008-01-09 -----------------------------

2008-01-09 21:55:20		 0 d-------- C:\Program Files\Trend Micro
2008-01-09 04:18:04		 0 d-------- C:\VundoFix Backups
2008-01-08 18:38:02		 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-01-08 18:38:02		 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-01-08 18:38:02		 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-01-08 18:38:02		 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-01-08 18:38:02		 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-01-08 18:38:00		 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-01-08 18:38:00		 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-01-08 18:38:00		 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-01-08 18:38:00		 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-01-08 18:38:00		 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-01-08 18:38:00	786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-01-08 18:38:00		 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-01-08 18:38:00		 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-01-08 18:38:00		 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-01-08 17:56:30		 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-08 17:56:20		 0 d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-08 14:22:38		 0 d-------- C:\Program Files\AskSBar
2008-01-07 16:07:02		 0 d-------- C:\Documents and Settings\Owner\Application Data\IDM
2008-01-07 16:06:40		 0 d-------- C:\Program Files\Internet Download Manager
2008-01-07 15:17:15		 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-01-06 16:32:34	112026 --ahs---- C:\WINDOWS\system32\rtvwa.ini2
2008-01-06 16:32:08	338944 --a------ C:\WINDOWS\system32\awvtr.dll
2008-01-06 16:26:57	 36352 --a------ C:\WINDOWS\system32\yayxxww.dll
2008-01-05 02:05:44		 0 d-------- C:\Program Files\Virtual Hottie 2
2008-01-04 02:09:16   1032192 --a------ C:\WINDOWS\system32\sqlrcmd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-01 17:36:11		 0 d-------- C:\WINDOWS\Easy Rapidshare Points 4.0
2007-12-30 21:52:33		 0 d-------- C:\Program Files\Tony Hawk's American Wasteland
2007-12-26 23:36:50		 0 d-------- C:\Program Files\Red Alert 2
2007-12-24 23:07:18		 0 d-------- C:\Program Files\SopCast
2007-12-23 19:15:44	 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2007-12-23 19:15:43	 65536 -----n--- C:\WINDOWS\system32\setrysvc.EXE
2007-12-23 19:15:43	622693 -----n--- C:\WINDOWS\system32\semwltray.EXE <Not Verified; Sony Ericsson Mobile Communications AB; Sony Ericsson 802.11 Wireless Network Tray Applet>
2007-12-23 19:15:43	192512 -----n--- C:\WINDOWS\system32\semwlI5.exe <Not Verified;; AegisInstall Application>
2007-12-23 19:15:43	225280 -----n--- C:\WINDOWS\system32\SEMLogon.dll <Not Verified; Sony Ericsson Mobile Communications AB; Wireless Network Logon Provider>
2007-12-23 19:15:40   1396831 -----n--- C:\WINDOWS\system32\semwlE5.dll <Not Verified; Meetinghouse Data Communications; AEGIS Client API>
2007-12-23 19:15:39	802920 -----n--- C:\WINDOWS\system32\semwltry.EXE <Not Verified; Sony Ericsson Mobile Communications AB; Sony Ericsson 802.11 Wireless Network Controller>
2007-12-23 19:15:35	 69632 -----n--- C:\WINDOWS\system32\semwlD2K.EXE <Not Verified; Sony Ericsson Mobile Communications AB; Sony Ericsson 802.11 Installation Manager>
2007-12-23 19:15:14	 57453 -----n--- C:\WINDOWS\system32\GCXXD2K.EXE <Not Verified; Sony Ericsson; Sony Ericsson Wireless Modem Installation Manager>
2007-12-23 19:14:56		 0 d-------- C:\Program Files\Sony Ericsson
2007-12-23 18:30:53		 0 d-------- C:\Documents and Settings\All Users\Application Data\eboostr
2007-12-23 17:51:50		 0 d-------- C:\Program Files\TuneUp Utilities 2008
2007-12-23 17:50:53		 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-21 11:15:12		 0 d-------- C:\Program Files\SuperDVDCreator9.5
2007-12-18 01:00:45		 0 d-------- C:\Program Files\Winamp3
2007-12-18 01:00:43		 0 d-------- C:\Program Files\iZotope
2007-12-18 00:18:50		 0 d-------- C:\Documents and Settings\All Users\Application Data\SRS Labs
2007-12-18 00:16:03		 0 d-------- C:\Program Files\SRS Labs
2007-12-18 00:10:06		 0 d-------- C:\Documents and Settings\All Users\Application Data\DFX
2007-12-18 00:10:04		 0 d-------- C:\Program Files\DFX
2007-12-18 00:06:16		 0 d-------- C:\Documents and Settings\Owner\Application Data\Winamp
2007-12-17 18:33:09		 0 d-------- C:\WINDOWS\Sun
2007-12-17 18:33:09		 0 d-------- C:\Documents and Settings\Owner\Application Data\Sun
2007-12-15 23:08:43	 28672 --a------ C:\WINDOWS\system32\regclass.dll <Not Verified; 6XGate Systems, Inc.; Registry Access Classes>
2007-12-10 23:14:38		 0 d-------- C:\Program Files\ENT Quest Sdn Bhd
2007-12-10 23:07:55		 0 d-------- C:\WINDOWS\system32\URTTemp
2007-12-10 02:58:55		 0 d-------- C:\Documents and Settings\Owner\Application Data\AntiVir PersonalEdition Premium


-- Find3M Report ---------------------------------------------------------------

2008-01-09 21:27:04		 0 d-------- C:\Documents and Settings\Owner\Application Data\DMCache
2008-01-06 22:50:28		 0 d-------- C:\Program Files\Windows Media Connect 2
2008-01-06 22:43:36	470528 --a------ C:\WINDOWS\system32\hkcmd.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2008-01-06 22:43:34	499200 --a------ C:\WINDOWS\system32\igfxtray.exe <Not Verified; Intel Corporation; Intel(R) Common User Interface>
2007-12-25 00:35:09		 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-23 17:50:53		 0 d-------- C:\Program Files\Common Files
2007-12-19 15:46:14	   805 --a------ C:\WINDOWS\mozver.dat
2007-12-19 15:46:10		 0 d-------- C:\Program Files\DivX
2007-12-18 01:21:12		 0 d-------- C:\Program Files\Winamp
2007-12-18 00:45:56		 0 d-------- C:\Program Files\InterActual
2007-12-17 21:00:14		 0 d-------- C:\Program Files\3GP Player
2007-12-16 23:44:22		 0 d-------- C:\Documents and Settings\Owner\Application Data\uTorrent
2007-12-08 17:14:47		 0 d-------- C:\Program Files\Java
2007-12-08 16:50:43		 0 d-------- C:\Program Files\Common Files\Java
2007-12-07 20:02:43		 0 d-------- C:\Program Files\Realtek AC97
2007-12-06 21:57:28		 0 d-------- C:\Program Files\Common Files\Totem Shared
2007-12-05 09:57:58		 0 d-------- C:\Program Files\e-Kamus
2007-12-05 09:56:55	303104 -----n--- C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2007-12-05 09:56:48	 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
01/08/2008 02:22 PM	66912	--a------	C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B5303C44-E785-4281-9AA2-F059A38ACFC7}]
01/06/2008 04:32 PM	338944	--a------	C:\WINDOWS\system32\awvtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
01/08/2008 02:22 PM	267592	--a------	C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [01/08/2008 02:22 PM 267592]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe" [01/09/2008 09:09 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvtr

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Rapidown.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Rapidown.lnk
backup=C:\WINDOWS\pss\Rapidown.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^VirtuaGirl.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\VirtuaGirl.lnk
backup=C:\WINDOWS\pss\VirtuaGirl.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPM-DM]
c:\acer\epm\epm-dm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePowerManagement]
C:\Acer\ePM\ePM.exe boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GCXX-Manager-Class]
"C:\Program Files\Sony Ericsson\Wireless Manager\GCXXManager.exe" -startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KTPWare]
C:\Program Files\Elantech\ktp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\awvtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson Wireless Manager UI]
C:\WINDOWS\system32\semwltray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SRS Audio Sandbox"="C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1 .EXE" -quiet
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"SoundMan"=SOUNDMAN.EXE
"Sony Ericsson Wireless Manager UI"=C:\WINDOWS\system32\semwltray
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c9d84e8-6cfd-11dc-a423-000fde5c45bc}]
Auto\command- setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64d15dbc-6797-11dc-a410-000fde5c45bc}]
Auto\command- My_Heart.exe
AutoRun\command- My_Heart.exe
Explore\command- My_Heart.exe
OPEN\command- My_Heart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1c23c31-d158-11db-a256-000fde5c45bc}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3df46d3-a720-11dc-a4e7-000fde5c45bc}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Flash.10.Setup.exe
Explore\command- Flash.10.Setup.exe
Open\command- Flash.10.Setup.exe
Scan for Viruses\command- F:\Scanner.exe




-- End of Deckard's System Scanner: finished at 2008-01-09 22:05:17 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) M processor 1.73GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 247.42 MiB / 49.46 MiB
Pagefile Memory (total/avail): 604.28 MiB / 229.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.52 MiB

C: is Fixed (NTFS) - 29.29 GiB total, 18.72 GiB free.
D: is Fixed (NTFS) - 26.59 GiB total, 16.38 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - TOSHIBA MK6025GAS - 55.89 GiB - 2 partitions
  \PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
  \PARTITION1 - Extended w/Extended Int 13 - 26.59 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Avira AntiVir PersonalEdition v 7.0.1.201
(Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=TRA3212
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\TRA3212
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=TRA3212
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Owner (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 8 --> MsiExec.exe /I{AE80641A-0C8D-4670-A518-B4EC154B1027}
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Ask Toolbar --> rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
Avira AntiVir PersonalEdition Premium --> C:\Program Files\Avira\AntiVir PersonalEdition Premium\SETUP.EXE /REMOVE
Celcom Desktop CPPRS Setup --> MsiExec.exe /I{74F18A0F-2239-4856-9C5A-86BFBE14BFFB}
Create-Ringtone 4.95 --> "C:\Program Files\Create-Ringtone\unins000.exe"
DFX 8 for Winamp --> "C:\Program Files\Winamp\uninstall_dfx.exe"
DietMP3 4.03.00 --> "C:\Program Files\DietMP3\unins000.exe"
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
e-Kamus 5.01 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\e-Kamus\ST6UNST.LOG"  
Google Earth --> MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Deskjet 3900 series --> C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Extended Capabilities 6.1 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Imaging Device Functions 6.1 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential --> MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
HP PSC & OfficeJet 6.1.A --> "C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel(R) Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
InterVideo WinDVD 7 --> "C:\Program Files\InstallShield Installation Information\{90885A82-9673-49EA-AB39-AF776639C67C}\setup.exe" REMOVEALL
iZotope Ozone 1.0 for Winamp2 and Winamp3 --> "C:\Program Files\iZotope\Ozone\Winamp\unins000.exe"
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Mega Codec Pack 2.01 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KTP Ware PS/2-WDM 5.0.1.2 --> rundll32.exe "C:\Program Files\Elantech\KTUninst.dll",KTech_Uninstall 0
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Launch Manager --> C:\WINDOWS\UnInst32.exe LManager.UNI
Marketiva --> C:\Program Files\Novativa Streamster\Uninstall.exe
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo --> MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941033}
NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{385979FE-DC4F-4140-8EAD-A59625000D72} /l1033 BUN4
NTI CD & DVD-Maker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
PowerPlayer II --> "C:\Program Files\Winamp\uninst_pwrplay.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9  -removeonly
SoftV90 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00811025\HXFSETUP.EXE -U -IVEN_8086&DEV_266D&SUBSYS_00811025
Sony Ericsson 802.11 Wireless LAN Adapter Control Panel --> C:\WINDOWS\system32\semwlu00.exe verbose /rootkey="Software\Sony Ericsson\802.11_App\UninstallInfo"
Sony Ericsson 802.11 Wireless LAN Adapter Driver --> C:\WINDOWS\system32\semwlu00.exe verbose /rootkey="Software\Sony Ericsson\802.11\UninstallInfo"
Sony Ericsson Wireless Manager --> C:\WINDOWS\system32\GCXXMU.exe verbose
Sony Ericsson Wireless Modem --> C:\WINDOWS\system32\GCXXDU.exe verbose
SopCast 2.0.4 --> C:\Program Files\SopCast\uninst.exe
SRS Audio Sandbox --> MsiExec.exe /X{00029EB7-E72E-4E78-88A5-D0BB7D917433}
SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Super DVD Creator 9.5 --> "C:\Program Files\SuperDVDCreator9.5\unins000.exe"
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type6533 / Error
Event Submitted/Written: 01/09/2008 10:03:40 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type6532 / Error
Event Submitted/Written: 01/09/2008 10:03:40 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type6529 / Warning
Event Submitted/Written: 01/09/2008 09:09:17 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Drop.Agent.dgo.127'
in the file
C:\WINDOWS\system32\awvtr.exe

Event Record #/Type6528 / Warning
Event Submitted/Written: 01/09/2008 09:08:29 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Drop.Agent.dgo.8'
in the file
C:\Documents and Settings\Owner\Local Settings\Temp\TMP16.tmp

Event Record #/Type6527 / Warning
Event Submitted/Written: 01/09/2008 09:08:29 PM
Event ID/Source: 4113 / H+BEDV AntiVir
Event Description:
AntiVir has detected 'TR/Drop.Agent.dgo.8'
in the file
C:\Documents and Settings\Owner\Local Settings\Temp\TMP16.tmp



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19947 / Error
Event Submitted/Written: 01/09/2008 09:10:31 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 10.32.149.92 for the Network Card with network address 00904C000000 has been
denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type19921 / Error
Event Submitted/Written: 01/09/2008 04:45:29 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 10.32.155.56 for the Network Card with network address 00904C000000 has been
denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type19875 / Error
Event Submitted/Written: 01/09/2008 04:29:02 PM
Event ID/Source: 10 / Pcmcia
Event Description:
\Device\Pcmcia0

Event Record #/Type19874 / Error
Event Submitted/Written: 01/09/2008 04:28:57 PM
Event ID/Source: 610 / SCardSvr
Event Description:
Smart Card Reader 'Broadcom WWSC 0' rejected IOCTL GET_STATE: A device attached to the system is not functioning.

Event Record #/Type19873 / Error
Event Submitted/Written: 01/09/2008 04:28:57 PM
Event ID/Source: 616 / SCardSvr
Event Description:
Reader monitor 'Broadcom WWSC 0' received uncaught error code:  A device attached to the system is not functioning.



-- End of Deckard's System Scanner: finished at 2008-01-09 22:05:17 ------------




#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 24 January 2008 - 12:33 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum.
My name is Richie and I'll be helping you to fix your problems.

Apologies for the late response, as I'm sure you can appreciate we are extremely busy.

If you've already received help at another forum and your issues have been resolved, or you're presently receiving help elsewhere then please let us know.

If you have not followed the info in the link below prior to posting your log then please do so now:
Preparation Guide for use before posting a HijackThis Log:
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

If you still require help, please post a new HijackThis log into this topic in your next reply.

Also post a detailed description of the issues you're experiencing.

*Note*
Post all reports/logs directly into this topic, not as attachments, thanks.