Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Freezing When Adsl Cable Plugged In


  • Please log in to reply
1 reply to this topic

#1 Paytriotic

Paytriotic

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 06 April 2008 - 03:56 AM

Hi There

I was wondering if someone can help me with my computer. Its basically slowing and than stopping my computer when i plug my internet cable in.

Here is a scan i did using deckards scanner. Ive run a whole bunch of antivirus, anti malware programs but nothing works including Anti Trojan, Zone alarm, trojan shield and others.

Anyway heres the log, please please please help.

Deckard's System Scanner v20071014.68
Run by Patrick Baker on 2008-04-06 20:42:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
88: 2008-04-06 08:42:56 UTC - RP191 - Deckard's System Scanner Restore Point
87: 2008-04-05 22:54:48 UTC - RP190 - System Checkpoint
86: 2008-04-04 04:32:14 UTC - RP189 - System Checkpoint
85: 2008-04-02 21:48:23 UTC - RP188 - System Checkpoint
84: 2008-04-01 19:49:25 UTC - RP187 - System Checkpoint


-- First Restore Point --
1: 2008-01-08 00:43:50 UTC - RP104 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Patrick Baker.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:43, on 4/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Active Shield 4\ActiveShieldService.exe
C:\Program Files\Active Shield 4\ActiveShield4.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Documents and Settings\Patrick Baker\Desktop\dss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Kitco\Kcast\Kcast.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\PATRIC~1\Desktop\ANTIVI~1\Patrick Baker.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [Active Shield] C:\Program Files\Active Shield 4\ActiveShield4.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KITCO] C:\Program Files\Kitco\Kcast\Kcast
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe
O4 - Startup: Registration Heroes of Might & Magic 5 - Tribes of the East.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe
O4 - Startup: Registration Heroes of Might & Magic 5.LNK = C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Active Shield Service (ServiceAS) - Unknown owner - C:\Program Files\Active Shield 4\ActiveShieldService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4369 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\PATRIC~1\Desktop\ANTIVI~1\backups\) ---

backup-20080209-120259-101 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
backup-20080209-120259-133 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
backup-20080209-120259-141 O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
backup-20080209-120259-177 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080209-120259-190 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
backup-20080209-120259-194 O4 - HKLM\..\Run: [Base frag grid bows] C:\Documents and Settings\All Users\Application Data\Cast ping base frag\Two Soap.exe
backup-20080209-120259-200 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080209-120259-232 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080209-120259-244 O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
backup-20080209-120259-258 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
backup-20080209-120259-280 O1 - Hosts: 80.190.241.30 home.edonkey.com
backup-20080209-120259-291 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
backup-20080209-120259-305 O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080209-120259-333 O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
backup-20080209-120259-337 O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
backup-20080209-120259-355 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20080209-120259-361 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20080209-120259-374 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080209-120259-394 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
backup-20080209-120259-397 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20080209-120259-410 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
backup-20080209-120259-411 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
backup-20080209-120259-413 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
backup-20080209-120259-419 O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
backup-20080209-120259-421 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
backup-20080209-120259-479 O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
backup-20080209-120259-504 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iesearch.com/
backup-20080209-120259-539 O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
backup-20080209-120259-568 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080209-120259-596 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
backup-20080209-120259-597 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
backup-20080209-120259-639 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
backup-20080209-120259-707 O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
backup-20080209-120259-735 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20080209-120259-756 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
backup-20080209-120259-828 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080209-120259-870 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
backup-20080209-120259-891 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
backup-20080209-120259-909 O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
backup-20080209-120259-919 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
backup-20080209-120259-977 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
backup-20080209-120259-983 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
backup-20080209-120259-998 O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
backup-20080209-120300-145 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080209-120300-206 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080209-120300-300 O17 - HKLM\System\CCS\Services\Tcpip\..\{C22C0126-9407-4AEE-BF0D-6A6494DB5B91}: NameServer = 210.48.65.2,210.48.66.2
backup-20080209-120300-456 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
backup-20080209-120300-466 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080209-120300-493 O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
backup-20080209-120300-613 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
backup-20080209-120300-650 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080209-120300-708 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080209-120300-737 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080209-120300-799 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080209-120300-887 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
backup-20080209-120300-923 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
backup-20080209-120300-942 O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
backup-20080209-120300-988 O16 - DPF: {93F796E1-6BF7-4E22-958E-4E969E88F69D} (WebClient Control) - http://219.89.125.98/WebClient.cab
backup-20080209-120300-994 O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
backup-20080406-145814-226 O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
backup-20080406-145814-231 O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
backup-20080406-145814-322 O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
backup-20080406-145814-405 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080406-145814-760 O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
backup-20080406-145814-836 O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
backup-20080406-145814-894 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080406-145814-937 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ATE_PROCMON - c:\program files\anti trojan elite\atepmon.sys

S2 SeviceAS - c:\program files\active shield 4\activeshieldservice.exe
S3 RT73 (DYWUK54 Wireless Adapter) - c:\windows\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ServiceAS (Active Shield Service) - c:\program files\active shield 4\activeshieldservice.exe

S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_235C1462&REV_10\4&11B6166B&0&30F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_235C1462&REV_10\4&11B6166B&0&30F0
Service: RTL8023xp


-- Scheduled Tasks -------------------------------------------------------------

2008-04-06 20:00:00 284 --ah----- C:\WINDOWS\Tasks\AEC098C7918B08F3.job


-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 20:38:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 20:36:30 0 d-------- C:\Program Files\Safer Networking
2008-04-06 15:51:29 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-06 15:51:20 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-04-06 15:51:20 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-04-06 15:51:20 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-04-06 15:51:19 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-04-06 15:51:19 0 d-------- C:\Program Files\Trojan Remover
2008-04-06 15:51:19 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\Simply Super Software
2008-04-06 15:51:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-04-06 09:42:29 0 d-------- C:\Program Files\ATS2
2008-04-05 12:05:39 0 d-------- C:\Program Files\Active Shield 4
2008-04-05 12:05:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Active Shield
2008-04-05 11:52:45 0 d-------- C:\Program Files\Symantec
2008-04-05 10:54:33 0 dr-h----- C:\Documents and Settings\Patrick Baker\Recent
2008-03-29 18:51:22 0 d-------- C:\Program Files\Google
2008-03-23 12:19:12 290918 --a------ C:\WINDOWS\system32\Install7x.dll <Not Verified; ; Install Dynamic Link Library>
2008-03-23 12:19:12 252928 --a------ C:\WINDOWS\system32\drivers\rt73.sys <Not Verified; Ralink Technology, Corp.; Ralink 802.11 Wireless Adapters>
2008-03-23 12:19:12 2048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2008-03-23 12:19:12 245376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.SYS <Not Verified; Ralink Technology Inc.; Ralink 802.11g Wireless USB Adapters>
2008-03-23 12:19:12 311296 --a------ C:\WINDOWS\system32\AegisI5.exe <Not Verified; ; AegisInstall Application>
2008-03-23 12:19:12 138 --a------ C:\WINDOWS\filespec7x
2008-03-23 12:18:44 0 d-------- C:\Program Files\Dynalink
2008-03-21 21:12:42 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2008-03-21 18:50:36 0 d-------- C:\Program Files\Ubisoft
2008-03-19 22:22:39 0 d-------- C:\WINDOWS\APPLICATION DATA
2008-03-19 22:22:38 724992 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-03-19 22:22:38 0 d-------- C:\Program Files\Kitco
2008-03-19 22:22:16 0 d-------- C:\WINDOWS\Kcast
2008-03-19 18:02:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-03-15 10:58:30 0 d-------- C:\Program Files\MSXML 6.0
2008-03-13 18:11:25 0 d-------- C:\Program Files\Microsoft Virtual PC
2008-03-13 16:30:40 0 d-------- C:\WAR
2008-03-11 18:02:32 24 --a------ C:\ws2
2008-03-06 17:31:27 0 d-------- C:\Program Files\uTorrent
2008-03-06 17:31:20 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\uTorrent


-- Find3M Report ---------------------------------------------------------------

2008-04-06 16:23:56 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\AVG7
2008-04-06 16:22:00 0 d-------- C:\Program Files\TrojanHunter 5.0
2008-04-06 10:22:36 0 d-------- C:\Program Files\Anti Trojan Elite
2008-04-05 11:52:58 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-02 20:49:40 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\BitTorrent
2008-03-28 17:07:33 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-25 21:51:13 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\Skype
2008-03-25 19:47:49 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\skypePM
2008-03-25 16:37:16 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\LimeWire
2008-03-23 21:38:28 0 d-------- C:\Program Files\Yahoo!
2008-03-19 20:42:11 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2008-03-19 20:42:11 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2008-03-19 20:42:11 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2008-03-18 15:26:13 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\Image Zone Express
2008-03-11 18:03:25 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-03 15:06:06 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\Ahead
2008-02-29 13:02:22 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\DivX
2008-02-29 12:59:29 0 d-------- C:\Program Files\DivX
2008-02-29 12:57:46 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\ACD Systems
2008-02-29 12:57:24 0 d-------- C:\Program Files\Common Files\ACD Systems
2008-02-29 12:57:17 0 d-------- C:\Program Files\Common Files
2008-02-29 12:57:17 0 d-------- C:\Program Files\ACD Systems
2008-02-12 17:33:39 0 d-------- C:\Program Files\Winamp
2008-02-10 16:26:03 0 d-------- C:\Program Files\LimeWire
2008-02-09 16:42:23 0 d-------- C:\Documents and Settings\Patrick Baker\Application Data\TeamViewer
2008-02-09 12:07:38 0 d-------- C:\Program Files\a-squared Free
2008-02-07 13:20:48 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" [05/10/2006 04:46]
"Active Shield"="C:\Program Files\Active Shield 4\ActiveShield4.exe" [02/03/2008 06:48]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [04/03/2008 07:19]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [07/18/2006 03:47]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [03/25/2008 07:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [01/19/2007 11:54]
"KITCO"="C:\Program Files\Kitco\Kcast\Kcast" []

C:\Documents and Settings\Patrick Baker\Start Menu\Programs\Startup\
Registration Heroes of Might & Magic 5 - Hammers of Fate.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registrationa1\RegistrationReminder.exe [3/28/2008 5:02:35 PM]
Registration Heroes of Might & Magic 5 - Tribes of the East.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V - Tribes of the East\registration\RegistrationReminder.exe [3/28/2008 5:10:12 PM]
Registration Heroes of Might & Magic 5.LNK - C:\Program Files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [3/28/2008 4:32:33 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8def13e0-7508-11dc-914e-806d6172696f}]
AutoRun\command- G:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

7886 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-06 20:44:05 ------------

Here is the extra report

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU 6600 @ 2.40GHz
Percentage of Memory in Use: 44%
Physical Memory (total/avail): 1022.42 MiB / 568.16 MiB
Pagefile Memory (total/avail): 2460.98 MiB / 2096.64 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1945.02 MiB

C: is Fixed (NTFS) - 116.21 GiB total, 77.83 GiB free.
D: is Fixed (NTFS) - 116.67 GiB total, 113.13 GiB free.
E: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - SATA ST325082 SCSI Disk Device - 232.88 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 116.21 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 116.67 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: ZoneAlarm Pro Firewall v5.1.011.000 (Zone Labs, Inc.)
AV: AVG 7.5.519 v7.5.519 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Morpheus\\Morpheus.exe"="C:\\Program Files\\Morpheus\\Morpheus.exe:*:Enabled:Morpheus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Enabled:Warez3"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Patrick Baker\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PATRICK
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Patrick Baker
LOGONSERVER=\\PATRICK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp
USERDOMAIN=PATRICK
USERNAME=Patrick Baker
USERPROFILE=C:\Documents and Settings\Patrick Baker
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Patrick Baker (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
ACDSee for PENTAX 3.0 --> MsiExec.exe /X{92022F8E-2E55-4A16-88EB-B4778B35E942}
Active Shield 4 --> "C:\Program Files\Active Shield 4\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Anti-Trojan Shield 2 --> "C:\Program Files\ATS2\Uninstall.exe" "C:\Program Files\ATS2\install.log"
Anti Trojan Elite 3.9.6 --> "C:\Program Files\Anti Trojan Elite\unins000.exe"
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arcanum --> MsiExec.exe /I{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Baldur's Gate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Black Isle\Baldur's Gate\Uninst.isu"
Blender (remove only) --> "C:\Program Files\Blender Foundation\Blender\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
CiD Help --> C:\DOCUME~1\PATRIC~1\APPLIC~1\LONGBO~1\wait mpeg.exe -uninstall
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DYWUK54 Wireless Client Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B53DB130-85E1-4E0F-8858-3F634FA2257F}\setup.exe" -l0x9 -removeonly
Hero Editor V0.95 --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Hero Editor\ST6UNST.LOG"
Heroes of Might & Magic V: Hammers of Fate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200091}\setup.exe" -l0x9
Heroes of Might and Magic V --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{20071984-5EB1-4881-8EDB-082532ACEC6D}\setup.exe" -l0x9
Heroes of Might and Magic V - Tribes of the East --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66FF4C48-0083-4E60-8556-B883AB200092}\setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Patrick Baker\Desktop\AntiVirus\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icewind Dale II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\setup.exe" -l0x9
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
JMB36X Raid Configurer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Kcast Beta 2.0.0 --> C:\WINDOWS\iun6002.exe "C:\Program Files\Kitco\Kcast\unkcast.ini"
Korean Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5670-0000-800000000003}
LimeWire 4.16.6 --> "C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic ISO Maker v5.4 (build 0251) --> C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard --> MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007 --> MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Mozilla Firefox (2.0.0.12) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Norton Internet Security --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\Temp{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Personal C64 2.14 --> C:\DOCUME~1\PATRIC~1\DESKTOP\PC-64\Setup.exe /uninstall
Poker Mania v3.3.0 --> "C:\Program Files\Poker Mania\unins000.exe"
Python 2.5.1 --> MsiExec.exe /I{31800004-6386-4999-A519-518F2D78D8F0}
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
REALTEK GbE & FE Ethernet PCI NIC Driver --> C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RunAlyzer --> "C:\Program Files\Safer Networking\RunAlyzer\unins000.exe"
Sacred Underworld --> "C:\Program Files\Ascaron Entertainment\Sacred Underworld\unins000.exe"
Skypeā„¢ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Station LaunchPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7447B32-518C-442F-A8E4-DCF12D8A6D75}\Setup.exe" -l0x9
TeamSpeak 2 RC2 --> D:\Teamspeak2_RC2\unins000.exe
Trojan Remover 6.6.8 --> "C:\Program Files\Trojan Remover\unins000.exe"
TrojanHunter 5.0 --> "C:\Program Files\TrojanHunter 5.0\unins000.exe"
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
ZoneAlarm Pro --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2887 / Error
Event Submitted/Written: 04/06/2008 08:43:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application TJEnder.exe, version 1.1.8.530, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2885 / Success
Event Submitted/Written: 04/06/2008 08:42:23 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type2883 / Success
Event Submitted/Written: 04/06/2008 08:23:57 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type2881 / Success
Event Submitted/Written: 04/06/2008 08:03:39 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type2879 / Success
Event Submitted/Written: 04/06/2008 07:37:44 PM
Event ID/Source: 2570 / Adobe Active File Monitor 6.0
Event Description:
Adobe Active File Monitor Service has Started.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type50 / Error
Event Submitted/Written: 04/06/2008 08:43:57 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The SeviceAS service failed to start due to the following error:
%%2001

Event Record #/Type46 / Error
Event Submitted/Written: 04/06/2008 08:41:29 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type45 / Error
Event Submitted/Written: 04/06/2008 08:38:09 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type44 / Error
Event Submitted/Written: 04/06/2008 08:37:40 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type43 / Error
Event Submitted/Written: 04/06/2008 08:37:14 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}



-- End of Deckard's System Scanner: finished at 2008-04-06 20:44:05 ------------

Edited by Paytriotic, 06 April 2008 - 03:58 AM.


BC AdBot (Login to Remove)

 


#2 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:07:28 PM

Posted 17 April 2008 - 01:51 PM

Hello

Welcome to Bleeping Computer!

Sorry about the delay. We're all volunteers here, and it's been very busy.

If you still need help, please post a new DSS.scan report to make sure nothing has changed. Please post only the main.txt report.


And I'll be happy to take a look at it for you.

Thanks, for your patience.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users