
Was Infected With Win32 Horst-aaf Trojan



#1 bad ash


Posted 05 April 2008 - 10:11 PM

I sadly found out that I was infected by more than just that trojan, but that was the hardest to remove. I used Adaware, Trend Micro Scan, McAfee Stinger, Panda Online, Spybot, Avast and Kaspersky to clean my system...has been a long week.

Anyways I am hoping and wish to confirm that my system is clean again...

Deckard's System Scanner v20071014.68
Run by cm080117 on 2008-04-06 11:40:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2008-04-06 02:40:35 UTC - RP291 - Deckard's System Scanner Restore Point
61: 2008-04-04 02:34:53 UTC - RP290 - Installed Java™ 6 Update 5
60: 2008-04-04 01:58:00 UTC - RP289 - Made by Desktop Maestro
59: 2008-04-03 16:50:41 UTC - RP288 - Installed Ad-Aware 2007
58: 2008-04-03 16:21:14 UTC - RP287 - Removed Microsoft .NET Framework 1.1


-- First Restore Point --
1: 2008-02-29 08:35:55 UTC - RP230 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as cm080117.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:11 AM, on 06/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\npkcmsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Secunia\PSI (RC1)\psi.exe
C:\Documents and Settings\cm080117\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\cm080117.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.naver.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DesktopX] "C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX8300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEP.EXE /FU "C:\WINDOWS\TEMP\E_SC7.tmp" /EF "HKCU"
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: ObjectDock Plus.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Secunia PSI (RC1).lnk = C:\Program Files\Secunia\PSI (RC1)\psi.exe
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: ??? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A4E624A-F7EA-4313-B721-C5669E0C6266} (TrustSiteAuction Control) - http://download.auction.co.kr/activexpay/T...AuctionCtrl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7876A60C-6116-4AD9-B0EE-C53A06C08747} (IPCheckerX Control) - http://203.248.245.162:8080/ftth/ftth/popup/IPCheckerX.cab
O16 - DPF: {99C709C7-4F58-46C1-855B-90213C760395} (v3d Class) - https://v3d.kcp.co.kr/file/kcp_ansimclick.cab
O16 - DPF: {A9F090E5-FC80-4772-AFEE-D102AB6E77D6} (IssacWebProCMS Class) - http://pgdownload.dacom.net/dacom/IssacWebProCMS_3_1_0_1.cab
O16 - DPF: {AB14AFC3-7AFB-403E-8ABF-8966E0FD360D} (DnsChangeX Control) - http://203.248.245.162:8080/ftth/ftth/popup/DnsChangeX.cab
O16 - DPF: {B0A75875-3622-48BA-B5FF-45AD77AC2D0E} (BankPayEFTCtrl Control) - http://download.auction.co.kr/activexpay/2.../BankPayEFT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://update.nprotect.net/keycrypt/kftc/npkcx_vista.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver OEM12 - HP - C:\WINDOWS\system32\OEMipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: w32tm - Unknown owner - C:\WINDOWS\w32tm.exe (file missing)

--
End of file - 8577 bytes

-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.cmd - cmdfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,-153
.hlp - hlpfile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,23
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.js - jsfile - DefaultIcon - unable to read value
.reg - regfile - DefaultIcon - C:\WINDOWS\regedit.exe,1
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - VBSFile - DefaultIcon - C:\WINDOWS\system32\WScript.exe,2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
R3 PSI - c:\windows\system32\drivers\psi_mf.sys <Not Verified; Secunia; Secunia Personal Software Inspector>
R3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
R3 ZDPSp50 (ZDPSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\zdpsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
S3 BRGSp50 (BRGSp50 NDIS Protocol Driver) - c:\windows\system32\drivers\brgsp50.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 JRSKD24 - c:\windows\system32\jrskd24.sys <Not Verified; SoftForum Corporation; ClientKeeper KeyPro Keyboard Driver>
S3 JRSUKD24 - c:\windows\system32\jrsukd24.sys <Not Verified; SoftForum Corporation; ClientKeeper KeyPro Keyboard Driver>
S3 libusb0 (LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1) - c:\windows\system32\drivers\libusb0.sys <Not Verified; http://libusb-win32.sourceforge.net; LibUSB-Win32 - Kernel Driver>
S3 neokdss - c:\windows\system32\drivers\neokdss.sys (file missing)
S3 OEMius12 (USB to IEEE-1284.4 Translation Driver OEMius12) - c:\windows\system32\drivers\oemius12.sys <Not Verified; HP; HP Dot4Usb Windows 2000>
S3 ZD1211BU(ZyDAS) (ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS)) - c:\windows\system32\drivers\zd1211bu.sys <Not Verified; ZyDAS Technology Corporation; ZD1211B 802.11 b+g USB LAN Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 npkcmsvc - c:\windows\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>

S2 w32tm - "c:\windows\w32tm.exe" (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 Pml Driver OEM12 - c:\windows\system32\oemipm12.exe <Not Verified; HP; HP PML>
S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-04-05 09:23:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-05 15:22:21 13 ---h----- C:\Documents and Settings\All Users\Application Data\3113.sys
2008-04-05 15:21:45 0 d-------- C:\Program Files\CoffeeCup Software
2008-04-05 14:04:40 0 d-------- C:\WINDOWS\ISSAC_WEB
2008-04-05 00:01:49 0 d-------- C:\WINDOWS\BDOSCAN8
2008-04-04 21:41:54 0 d-------- C:\Program Files\Panda Security
2008-04-04 11:34:57 0 d-------- C:\Program Files\Common Files\Java
2008-04-04 01:50:42 0 d-------- C:\Program Files\Lavasoft
2008-04-04 01:50:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 01:43:46 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-04 01:43:46 2543 --a------ C:\WINDOWS\unins000.dat
2008-04-04 01:29:43 1844 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 01:28:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 01:28:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-04-04 01:28:54 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-04-04 01:28:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-04-04 01:28:54 82432 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-04-04 01:28:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 01:28:53 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-04-04 00:54:19 0 d-------- C:\Program Files\Trend Micro
2008-04-03 22:51:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\True Sword
2008-04-03 22:25:32 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-04-03 22:25:32 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-04-03 22:25:32 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-04-03 22:25:32 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-04-03 22:25:32 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-04-03 22:25:32 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-04-03 22:25:32 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-04-03 22:25:32 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-04-03 22:25:32 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-04-03 22:25:32 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-04-03 22:25:32 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-04-03 22:25:32 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-04-03 22:25:32 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-04-03 22:25:31 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-04-03 22:07:58 0 d-------- C:\Documents and Settings\cm080117\Application Data\True Sword
2008-04-03 22:07:24 0 d-------- C:\Program Files\True Sword 4
2008-04-03 21:55:35 0 d-------- C:\Program Files\Secunia
2008-04-03 21:52:40 0 d-------- C:\Documents and Settings\cm080117\DoctorWeb
2008-04-02 21:47:46 0 d-------- C:\Documents and Settings\cm080117\.housecall6.6
2008-03-29 12:02:14 0 d-------- C:\Documents and Settings\cm080117\Application Data\Sony Corporation
2008-03-29 12:01:26 3654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2008-03-29 12:01:25 0 d-------- C:\Drivers
2008-03-28 23:51:00 0 d-------- C:\Program Files\SEGA
2008-03-27 22:09:22 0 d-------- C:\Program Files\FTP Now
2008-03-27 15:13:50 0 d-------- C:\Documents and Settings\cm080117\Application Data\ClientKeeper
2008-03-22 19:01:49 0 d-------- C:\Documents and Settings\cm080117\Application Data\Bioshock
2008-03-22 18:38:28 0 dr-h----- C:\Documents and Settings\cm080117\Application Data\SecuROM
2008-03-22 15:58:03 0 d-------- C:\Documents and Settings\cm080117\Application Data\rockbox.org
2008-03-21 11:11:36 0 d-------- C:\Documents and Settings\cm080117\Application Data\TVU networks
2008-03-21 11:11:36 0 d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-03-21 11:11:22 0 d-------- C:\Program Files\TVUPlayer
2008-03-21 11:08:10 0 d-------- C:\Documents and Settings\cm080117\Application Data\vlc
2008-03-21 01:11:12 0 d-------- C:\Program Files\VideoLAN
2008-03-21 01:08:53 0 d-------- C:\Program Files\SopCast
2008-03-21 00:33:39 0 d-------- C:\Documents and Settings\cm080117\Application Data\foobar2000
2008-03-21 00:33:15 0 d-------- C:\Program Files\foobar2000
2008-03-20 23:38:47 0 d-------- C:\Documents and Settings\cm080117\Application Data\RaimaRadio
2008-03-20 23:38:43 0 d-------- C:\Program Files\RaimaRadio
2008-03-18 23:16:38 0 d-------- C:\Program Files\FairUse Wizard 2
2008-03-18 23:04:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-03-18 22:58:45 0 d-------- C:\Program Files\Last.fm
2008-03-17 22:01:26 0 d-------- C:\Program Files\Hotspot Shield
2008-03-14 16:22:02 0 d-------- C:\Documents and Settings\cm080117\Application Data\EPSON
2008-03-14 14:44:44 407568 --a------ C:\WINDOWS\eFaxView.exe <Not Verified; eFax.com; eFax Messenger Plus ™>
2008-03-14 12:49:10 0 d-------- C:\Documents and Settings\All Users\Application Data\UDL
2008-03-14 12:40:06 111932 --a------ C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-03-14 12:40:06 1120 --a------ C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-03-14 12:40:06 1107 --a------ C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-03-14 12:40:06 1136 --a------ C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-03-14 12:40:06 1104 --a------ C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-03-14 12:40:05 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-03-14 12:40:05 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-03-14 12:40:05 1146 --a------ C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-03-14 12:40:05 1129 --a------ C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-03-14 12:40:05 1139 --a------ C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-03-14 12:40:05 4943 --a------ C:\WINDOWS\system32\EPPICPattern6.dat
2008-03-14 12:40:05 21390 --a------ C:\WINDOWS\system32\EPPICPattern5.dat
2008-03-14 12:40:05 11811 --a------ C:\WINDOWS\system32\EPPICPattern4.dat
2008-03-14 12:40:05 24903 --a------ C:\WINDOWS\system32\EPPICPattern3.dat
2008-03-14 12:40:05 20148 --a------ C:\WINDOWS\system32\EPPICPattern2.dat
2008-03-14 12:40:05 31053 --a------ C:\WINDOWS\system32\EPPICPattern131.dat
2008-03-14 12:40:05 27417 --a------ C:\WINDOWS\system32\EPPICPattern121.dat
2008-03-14 12:40:05 26154 --a------ C:\WINDOWS\system32\EPPICPattern1.dat
2008-03-14 12:38:35 0 d-------- C:\Documents and Settings\All Users\Application Data\EPSON
2008-03-14 12:26:40 0 d-------- C:\Program Files\epson
2008-03-12 08:49:04 27136 --a------ C:\WINDOWS\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>
2008-03-09 14:09:02 0 d-------- C:\Documents and Settings\cm080117\Application Data\CyberLink
2008-03-07 18:57:21 0 d-------- C:\Program Files\Guitar Pro 5
2008-03-07 18:54:41 0 d-------- C:\Program Files\MagicISO


-- Find3M Report ---------------------------------------------------------------

2008-04-06 11:42:28 0 d-------- C:\Program Files\PeerGuardian2
2008-04-06 11:23:21 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-04-06 03:07:50 0 d-------- C:\Documents and Settings\cm080117\Application Data\uTorrent
2008-04-06 01:05:14 0 d-------- C:\Documents and Settings\cm080117\Application Data\OpenOffice.org2
2008-04-04 11:37:48 0 d-------- C:\Program Files\Java
2008-04-04 11:34:57 0 d-------- C:\Program Files\Common Files
2008-04-04 10:59:48 0 d-------- C:\Program Files\Desktop Maestro
2008-04-04 01:50:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 01:25:21 0 d-------- C:\Program Files\Macromedia
2008-04-04 01:10:33 0 d-------- C:\Program Files\QuickTime
2008-04-04 01:03:15 0 d-------- C:\Program Files\Winamp
2008-04-02 21:27:56 0 d-------- C:\Program Files\Windows Live
2008-04-02 21:24:29 0 d-------- C:\Program Files\Bonjour
2008-04-02 00:40:32 2278 --a------ C:\WINDOWS\mozver.dat
2008-04-02 00:22:23 0 d-------- C:\Program Files\Steam
2008-03-31 16:06:10 192512 --a------ C:\WINDOWS\system32\kdfvmgr.exe <Not Verified; ??????; ?????? KdfVMgr>
2008-03-21 05:38:17 0 d-------- C:\Program Files\uTorrent
2008-03-19 10:00:50 73728 --a------ C:\WINDOWS\system32\kcp_ansimclick.dll <Not Verified; (?)???????; kcp_ansimclick Module>
2008-03-14 12:55:42 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-14 12:53:18 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-08 05:49:06 0 d-------- C:\Program Files\GameSpy Arcade
2008-03-06 13:46:36 0 d-------- C:\Program Files\iriver
2008-03-05 04:47:46 0 d-------- C:\Documents and Settings\cm080117\Application Data\BSplayer PRO
2008-03-04 17:04:08 0 d-------- C:\Documents and Settings\cm080117\Application Data\iriver
2008-03-04 12:39:14 0 d-------- C:\Program Files\2K Games
2008-03-04 12:38:57 0 d-------- C:\Documents and Settings\cm080117\Application Data\InstallShield
2008-02-27 16:39:59 0 d-------- C:\Documents and Settings\cm080117\Application Data\Adobe
2008-02-25 14:26:04 32768 --a------ C:\WINDOWS\system32\UbiKeyWin32.dll <Not Verified; (?)????; ???? UbiKeyWin32>
2008-02-25 14:26:04 32768 --a------ C:\WINDOWS\system32\UbiKey.dll <Not Verified; (?)????; ???? UbiKey>
2008-02-25 12:38:17 0 d-------- C:\Documents and Settings\cm080117\Application Data\Dev-Cpp
2008-02-22 17:50:07 0 d-------- C:\Program Files\Avi2Dvd
2008-02-22 17:48:19 0 d-------- C:\Program Files\AviSynth 2.5
2008-02-16 19:25:25 0 d-------- C:\Documents and Settings\cm080117\Application Data\Orbit
2008-02-13 06:36:52 0 d-------- C:\Program Files\SoftForum
2008-02-13 05:37:54 0 d-------- C:\Program Files\NPKI
2008-02-12 13:07:49 0 d-------- C:\Documents and Settings\cm080117\Application Data\Media Player Classic
2008-02-11 20:15:59 0 d-------- C:\Program Files\Combined Community Codec Pack
2008-02-10 08:00:54 0 d-------- C:\Program Files\INFovine
2008-02-10 07:58:06 0 d-------- C:\Program Files\INICIS
2008-02-08 08:25:13 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-31 17:06:37 4096 --a------ C:\WINDOWS\d3dx.dat
2008-01-30 18:27:43 669184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-01-24 16:48:13 1 --a------ C:\WINDOWS\system32\FlashPaper2PrinterPort
2008-01-23 11:23:48 950272 --a------ C:\WINDOWS\system32\NPDownV.exe <Not Verified; ; nProtect Update>
2008-01-22 08:39:55 76679 --a------ C:\WINDOWS\system32\npkcmsvc.exe <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Manager Service>
2008-01-18 18:05:49 14988 --a------ C:\WINDOWS\system32\winupsvc.exe
2008-01-18 18:05:47 14988 --a------ C:\WINDOWS\system32\winsvcup.exe
2008-01-18 18:05:46 492 --a------ C:\WINDOWS\system32\mswinup.exe
2008-01-18 15:30:07 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-18 08:03:43 0 -rahs---- C:\MSDOS.SYS
2008-01-18 08:03:43 0 -rahs---- C:\IO.SYS
2008-01-18 08:03:43 0 --a------ C:\CONFIG.SYS
2008-01-18 08:03:43 0 --a------ C:\AUTOEXEC.BAT
2008-01-18 08:00:51 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-17 21:54:29 62 --ahs---- C:\Documents and Settings\cm080117\Application Data\desktop.ini
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [06/04/2006 04:04 PM]
"imekrmig7.0"="C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [15/07/2003 03:57 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/01/2007 07:29 AM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [30/03/2008 03:37 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 11:37 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [05/12/2007 06:41 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 05:56 PM]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [19/09/2005 11:40 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]
"DesktopX"="C:\Program Files\Stardock\Object Desktop\DesktopX\DesktopX.exe" [19/07/2005 03:44 PM]
"EPSON Stylus CX8300 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEP.exe" [12/04/2007 03:00 PM]

C:\Documents and Settings\cm080117\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [18/03/2008 10:58:48 PM]
ObjectDock Plus.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [20/01/2008 11:48:01 AM]
Secunia PSI (RC1).lnk - C:\Program Files\Secunia\PSI (RC1)\psi.exe [22/02/2008 6:09:52 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [23/01/2008 1:28:40 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/02/2005 08:13 AM 49152 C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 07/12/2005 02:16 PM 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cm080117^Start Menu^Programs^Startup^autostart.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cm080117^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^cm080117^Start Menu^Programs^Startup^Last.fm Helper.lnk]
backup=C:\WINDOWS\pss\Last.fm Helper.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopMaestro]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPlusAgent]
"C:\Program Files\iriver\iriver plus\iAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iriverPlus]
C:\Program Files\iriver\iriver plus\iplus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SIDEBAR]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"SCardSvr"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38d2d43c-c6c6-11dc-8927-0016ec37557f}]
AutoRun\command- ytmb.bat
explore\Command- ytmb.bat
open\Command- ytmb.bat

*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.newsleecher.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com

7841 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-06 11:43:19 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.66GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.42 MiB / 1476.27 MiB
Pagefile Memory (total/avail): 3432.35 MiB / 2955.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1922 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 232.94 GiB total, 66.21 GiB free.
D: is Fixed (NTFS) - 232.82 GiB total, 104.16 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SAMSUNG HD501LJ - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 232.94 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 232.82 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

FW: ZoneAlarm Security Suite Firewall v7.0.302.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.302.000 (Check Point, LTD.) Disabled Outdated
AV: avast! antivirus 4.8.1169 [VPS 080405-1] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="D:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\\Program Files\\Microsoft Games\\Halo2\\halo2.exe"="D:\\Program Files\\Microsoft Games\\Halo2\\halo2.exe:*:Enabled:Halo 2"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\cm080117\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GUMBI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\cm080117
LOGONSERVER=\\GUMBI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\cm080117\LOCALS~1\Temp
TMP=C:\DOCUME~1\cm080117\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=GUMBI
USERNAME=cm080117
USERPROFILE=C:\Documents and Settings\cm080117
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

cm080117 (admin)
Marley
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
ACE Mega CoDecS Pack --> "C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3 --> C:\Program Files\Common Files\Adobe\Installers\435a6af7459cb02a9c1138113a26e93\Setup.exe
Adobe Dreamweaver CS3 --> MsiExec.exe /I{F01D5ED5-D53A-4468-B428-149DC2CB3110}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{2A539CD9-0F75-4875-9A32-E06DD93C4114}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Setup --> MsiExec.exe /I{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.11.13 --> MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Avi2Dvd 0.4.5 beta --> C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BioShock --> C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\_setup.exe -runfromtemp -l0x0009 -removeonly
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
CoffeeCup Photo Gallery - Trial --> C:\PROGRA~1\COFFEE~1\COFFEE~1\UNWISE.EXE C:\PROGRA~1\COFFEE~1\COFFEE~1\INSTALL.LOG
Combined Community Codec Pack 2008-01-24 --> "C:\Program Files\Combined Community Codec Pack\unins000.exe"
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Desktop Maestro 2.0 --> "C:\Program Files\Desktop Maestro\unins000.exe"
DesktopX Professional --> C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\INSTALL.LOG
Dev-C++ 5 beta 9 release (4.9.9.2) --> "C:\cygwin\Dev-Cpp\uninstall.exe"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan --> C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual --> C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\ENG\USE_G\DOCUNINS.EXE
FairUse Wizard 2 --> "C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 3.2.0623 --> "C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter\unins000.exe"
foobar2000 v0.9.5.1 --> "C:\Program Files\foobar2000\uninstall.exe"
Foxit Reader --> MsiExec.exe /I{35D4B689-722A-413B-BC6E-8ACA8C1E8636}
FTP Now --> C:\PROGRA~1\FTPNOW~1\UNWISE.EXE C:\PROGRA~1\FTPNOW~1\INSTALL.LOG
GoldWave v5.23 --> "C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.23" "C:\Program Files\GoldWave\unstall.log"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life 2: Episode Two --> "C:\Program Files\Steam\steam.exe" steam://uninstall/420
Halo 2 for Windows Vista --> D:\Program Files\Microsoft Games\Halo2\StartUp.exe /tnp:/remove
Hex Workshop v4.23 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BreakPoint Software\Hex Workshop 4.2\hw41unin.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotspot Shield 1.03 --> C:\Program Files\Hotspot Shield\Uninstall.exe
iriver Firmware Updater (remove only) --> "C:\Program Files\iriver\iriver Firmware Updater\uninstall.exe"
iriver plus (remove only) --> "C:\Program Files\iriver\iriver plus\uninstall.exe"
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Last.fm 1.4.2.59470 --> "C:\Program Files\Last.fm\unins000.exe"
Look 316 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD89BDD5-E758-42D5-B34B-C149F88CE515}\Setup.exe" -l0x9
Macromedia Contribute 3.11 --> MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8 --> MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia FlashPaper 2 --> MsiExec.exe /X{F977FD4B-C9A6-4BAA-B4BB-DE3023288253}
Macromedia FreeHand MXa --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Magic Audio Converter v8.3.2 --> "C:\Program Files\Magic Audio Converter\unins000.exe"
Magic ISO Maker v5.4 (build 0256) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MailFrontier Desktop --> C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\UNWISE.EXE C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\INSTMLF.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110412-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.13) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Nero 8 --> MsiExec.exe /X{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NHL Eastside Hockey Manager 2005 --> MsiExec.exe /X{778DBCBC-68F4-479E-B14F-4BF708454B90}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
ObjectDock Plus --> C:\PROGRA~1\Stardock\OBJECT~2\objectdock.exe /uninstall
OpenOffice.org 2.3 --> MsiExec.exe /I{2F29D6D2-824E-4FEF-8AED-7013F39F642A}
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Pandora's GUI --> MsiExec.exe /X{B63FAB20-EA87-4C20-AA28-32DC973D5751}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerDVD Ultra --> "C:\Program Files\InstallShield Installation Information\{1F0B7A92-C643-4F8F-B35F-2CBAE4FEA4F3}\setup.exe" -l0x000409 /z-uninstall
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
PS3 Media Center X 0.92 --> C:\Program Files\Red Kawa\Media Center\uninst.exe
PS3 Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP WIFI Max --> "C:\Program Files\Datel\PSP WIFI Max\unins000.exe"
PunkBuster Services --> C:\WINDOWS\system32\pbsvc.exe -u
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RaimaRadio 1.4 --> "C:\Program Files\RaimaRadio\unins000.exe"
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Secunia PSI (RC1) --> "C:\Program Files\Secunia\PSI (RC1)\uninstall.exe"
Shockwave Player --> MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
SkinStudio --> C:\PROGRA~1\Stardock\OBJECT~1\SKINST~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\SKINST~1\INSTALL.LOG
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SopCast 3.0.0 --> C:\Program Files\SopCast\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
TMPGEnc 4.0 XPress --> MsiExec.exe /I{FC5495CB-CDA5-4DCE-99DF-D1567DAF5A86}
TVUPlayer 2.3.5.4 --> C:\Program Files\TVUPlayer\uninst.exe
UBIKey ޴ --> C:\WINDOWS\system32\UbiKeyUninstall.exe
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6e --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
WindowBlinds --> C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\INSTALL.LOG
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
ZyDAS IEEE 802.11 b+g Wireless LAN - USB --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9


-- Application Event Log -------------------------------------------------------

Event Record #/Type773 / Warning
Event Submitted/Written: 04/04/2008 01:24:47 AM
Event ID/Source: 33 / WinMgmt
Event Description:
WMI ADAP was unable to load the ASP.NET performance library because it threw an exception: 0x0

Event Record #/Type772 / Warning
Event Submitted/Written: 04/04/2008 01:24:47 AM
Event ID/Source: 47 / WinMgmt
Event Description:
WMI ADAP was unable to retrieve data from the PerfLib subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ASP.NET, error code: 127

Event Record #/Type760 / Error
Event Submitted/Written: 04/04/2008 01:20:35 AM
Event ID/Source: 1023 / MsiInstaller
Event Description:
Product: Microsoft Office Professional Edition 2003 - Update '{2B8B897C-F449-4BC5-BFC4-D4D6D23B4AC6}' could not be installed. Error code 1642. Additional information is available in the log file C:\DOCUME~1\cm080117\LOCALS~1\Temp\OHotfix\OHotfix(00001)_Msi.log.

Event Record #/Type759 / Warning
Event Submitted/Written: 04/04/2008 01:20:30 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0

Event Record #/Type758 / Warning
Event Submitted/Written: 04/04/2008 01:20:29 AM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x800401F0



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7018 / Error
Event Submitted/Written: 04/06/2008 11:23:45 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Windows Time service terminated with the following error:
%%2

Event Record #/Type7017 / Error
Event Submitted/Written: 04/06/2008 11:23:38 AM
Event ID/Source: 46 / W32Time
Event Description:
The time service encountered an error and was forced to shut down. The error was: 0x80070002

Event Record #/Type7016 / Error
Event Submitted/Written: 04/06/2008 11:23:38 AM
Event ID/Source: 30 / W32Time
Event Description:
The time service encountered an error while reading its configuration
from the registry and cannot start. The error was: The system cannot find the file specified. (0x80070002)

Event Record #/Type7012 / Warning
Event Submitted/Written: 04/06/2008 02:46:33 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type6994 / Error
Event Submitted/Written: 04/05/2008 04:04:15 AM
Event ID/Source: 7031 / Service Control Manager
Event Description:
The w32tm service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.



-- End of Deckard's System Scanner: finished at 2008-04-06 11:43:19 ------------


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:22 AM

Posted 16 April 2008 - 01:48 PM

Hello bad ash,

Welcome to Bleeping Computer :blink:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:22 AM

Posted 26 April 2008 - 02:12 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



