
Unknown Infection


  • This topic is locked
2 replies to this topic

#1 Quiva


Posted 21 April 2008 - 02:45 AM

Gory Details: Last night while browsing porn (isn't it always) at www.asktiava.com, a site that's normally really good, I got a request to allow ActiveX content with no cancel button. I used the close window button, at which point it popped up again, so I closed it again and then closed the tab which seemed to be giving it to me. No probs for a bit, then IE closes on its own. Reopened and recommenced browsing. No problems for maybe 2 minutes and then my PC restarts itself. Didn't think much of it, just thought IE shat itself. Returned to browsing after restart, but after maybe 30 secs everything stops downloading. My downloader (Free Download Manager) can't contact servers and IE can't find anything. I tried to check my router but "192.168.0.1" is apparently an invalid address. Immediately jumped up and ran to router, where all lights are green, and checked other computers on network. No probs.

Returned to my PC, shut down everything. Ran a full Spybot scan (nothing), rebooted to safe mode, ran latest SmitRem multiple times. Rebooted to normal, internet is up. Updated Spybot to latest and ran again. Found and cleaned Virtumonde infection. Checked IE and network is down again. Tried a reboot. Internet works again for about 30 secs before no go. Spybot scan again, this time finds smitfraud.c, so I reboot into safe mode and run SmitRem numerous times again. Reboot and run Spybot, no infection. Network still will not respond.

Tried disabling the wireless connection thinking it might help if it was reset. Disabling connection message never closes. Had to kill explorer process from Task Manager to get rid of it. Now the connection will not re-enable. Thing is, I connect through D-Link's connection program thingy and it's reading clear signal with a great strength, but Windows tells me otherwise. Had to reboot to safe mode again to disable the wireless card in Device Manager and then reboot to normal, where I tried uninstalling the D-Link program. This hung as well and had to be terminated. Then I had to reboot to delete the c:/docs and sets/user/local sets/temp/{miscellaneous alpha numerics} directory that was jamming the uninstall. Reinstalled but no dice. Network runs for about 30 secs after a reboot, after which I am denied access to anything. TeaTimer only bothered me when Spybot was cleaning registry from the smitfraud.c infection.

Short Sharp Details: No network at all. Can't contact internet, other PCs or even the router. Had a smitfraud.c and a Virtumonde but both have been cleaned. There are no popups and no new installed programs. My desktop is undamaged. Spybot no longer finds anything and running SmitRem has no effect. D-Link connection software shows perfect connection. Disabling wireless connection hangs and requires card to be disabled in safe mode using Device Manager before it can be re-enabled. When disabled, D-Link software STILL shows full connectivity.

Steps taken:
Began to cry *sob*, due to lack of access to MMORPGs
Slapped face and got a hold of self
Ran latest Spybot and fixed all problems
Ran SmitRem in safe mode
Ran latest Spybot again, no new problems
Unable to run Kaspersky online cos no network
Ran latest DSS in conjunction with latest HijackThis
Posted here...

Main.txt
Deckard's System Scanner v20071014.68
Run by Quiva on 2008-04-21 16:34:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
85: 2008-04-21 07:04:18 UTC - RP91 - Deckard's System Scanner Restore Point
84: 2008-04-20 16:48:25 UTC - RP90 - Installed D-Link AirPlus
83: 2008-04-19 07:53:57 UTC - RP89 - System Checkpoint
82: 2008-04-17 17:56:32 UTC - RP88 - ILLUSION ????3 ???????????
81: 2008-04-16 18:10:28 UTC - RP87 - System Checkpoint


-- First Restore Point --
1: 2008-02-09 14:28:13 UTC - RP7 - ILLUSION Sexy???3 ???????????


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Quiva.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:34:43 PM, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Documents and Settings\All Users\Application Data\rqbevcxg\luxujwdo.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Quiva.PUPPI\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Quiva.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [SHQvlXwi3B] C:\Documents and Settings\All Users\Application Data\rqbevcxg\luxujwdo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

--
End of file - 5806 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 d344bus - c:\windows\system32\drivers\d344bus.sys
R0 d344prt - c:\windows\system32\drivers\d344prt.sys
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 wacommousefilter (Wacom Mouse Filter Driver) - c:\windows\system32\drivers\wacommousefilter.sys <Not Verified; Wacom Technology; Wacom Mouse Filter Driver>
R3 wacomvhid (Wacom Virtual Hid Driver) - c:\windows\system32\drivers\wacomvhid.sys <Not Verified; Wacom Technology; Wacom Virtual HID Driver>

S3 {DEF85C80-216A-43ab-AF70-1665EDBE2780} - c:\windows\temp\1d.tmp (file missing)
S3 LHidUsbK (Logitech SetPoint USB Receiver Device Driver) - c:\windows\system32\drivers\lhidusbk.sys (file missing)
S3 LMouKE (Logitech SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
S3 LUsbKbd (Logitech SetPoint USB Keyboard Filter) - c:\windows\system32\drivers\lusbkbd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\CF95F810DC00
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\CF95F810DC00
Service: NIC1394


-- Files created between 2008-03-21 and 2008-04-21 -----------------------------

2008-04-21 16:33:46 0 d-------- C:\Program Files\Trend Micro
2008-04-21 02:39:41 0 d-------- C:\Documents and Settings\Quivz\Application Data\PC Suite
2008-04-21 02:39:30 0 d-------- C:\Documents and Settings\Quivz\Application Data\Identities
2008-04-21 02:39:28 0 d-------- C:\Documents and Settings\Quivz\Application Data\WTablet
2008-04-21 02:39:24 0 d--h----- C:\Documents and Settings\Quivz\Templates
2008-04-21 02:39:24 0 dr------- C:\Documents and Settings\Quivz\Start Menu
2008-04-21 02:39:24 0 dr-h----- C:\Documents and Settings\Quivz\SendTo
2008-04-21 02:39:24 0 dr-h----- C:\Documents and Settings\Quivz\Recent
2008-04-21 02:39:24 0 d--h----- C:\Documents and Settings\Quivz\PrintHood
2008-04-21 02:39:24 1048576 --ah----- C:\Documents and Settings\Quivz\NTUSER.DAT
2008-04-21 02:39:24 0 d--h----- C:\Documents and Settings\Quivz\NetHood
2008-04-21 02:39:24 0 dr------- C:\Documents and Settings\Quivz\My Documents
2008-04-21 02:39:24 0 d--h----- C:\Documents and Settings\Quivz\Local Settings
2008-04-21 02:39:24 0 dr------- C:\Documents and Settings\Quivz\Favorites
2008-04-21 02:39:24 0 d-------- C:\Documents and Settings\Quivz\Desktop
2008-04-21 02:39:24 0 d--hs---- C:\Documents and Settings\Quivz\Cookies
2008-04-21 02:39:24 0 dr-h----- C:\Documents and Settings\Quivz\Application Data
2008-04-21 02:39:24 0 d---s---- C:\Documents and Settings\Quivz\Application Data\Microsoft
2008-04-21 02:18:26 0 d-------- C:\Program Files\D-Link AirPlus
2008-04-20 23:30:47 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\AdobeUM
2008-04-18 03:26:32 0 d-------- C:\illusion
2008-04-11 14:57:22 0 d-------- C:\Program Files\Gravity
2008-04-02 17:26:26 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Nokia Multimedia Player
2008-04-02 17:26:01 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Phone Browser
2008-04-02 17:26:01 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Datalayer
2008-04-02 17:23:16 0 d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-02 17:23:15 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\NCH Swift Sound
2008-04-02 17:22:37 0 d-------- C:\Program Files\NCH Swift Sound
2008-04-02 17:10:27 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Nokia
2008-04-02 17:06:55 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-02 17:06:49 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\PC Suite
2008-04-02 17:06:48 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-04-02 17:06:47 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-02 17:05:44 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-04-02 17:05:13 0 d-------- C:\Program Files\Nokia
2008-04-02 17:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-03-30 23:49:36 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\ArcSoft
2008-03-30 21:57:34 0 d-------- C:\Program Files\Common Files\Totem Shared
2008-03-30 21:57:25 0 d-------- C:\Program Files\Vg
2008-03-30 18:09:53 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Petroglyph
2008-03-30 17:46:32 0 d-------- C:\Program Files\vghd
2008-03-30 17:46:27 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\vghd
2008-03-30 17:39:48 0 d-------- C:\Program Files\LucasArts
2008-03-29 11:39:25 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Apple Computer
2008-03-28 11:02:27 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Azureus
2008-03-27 15:03:37 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Free Download Manager
2008-03-26 19:05:29 0 d-------- C:\Logs
2008-03-26 18:57:13 0 --a------ C:\WINDOWS\popcreg.dat
2008-03-26 18:57:13 0 --a------ C:\WINDOWS\popcinfot.dat
2008-03-26 18:57:13 0 d-------- C:\Program Files\PopCap Games
2008-03-25 14:46:34 94208 --a------ C:\WINDOWS\system32\zofmnudk.exe
2008-03-25 10:57:51 94208 --a------ C:\WINDOWS\system32\ktkzcxih.exe
2008-03-25 09:01:56 94208 --a------ C:\WINDOWS\system32\ajydmnwz.exe
2008-03-25 08:27:56 691545 --a------ C:\WINDOWS\unins000.exe
2008-03-25 08:27:56 2540 --a------ C:\WINDOWS\unins000.dat
2008-03-25 08:22:55 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-25 08:07:45 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\DivX
2008-03-25 08:07:44 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Media Player Classic
2008-03-25 08:05:01 94208 --a------ C:\WINDOWS\system32\snufqbur.exe
2008-03-25 07:39:02 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Macromedia
2008-03-25 07:37:57 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Adobe
2008-03-25 07:34:50 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\Identities
2008-03-25 07:34:47 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data\WTablet
2008-03-25 07:34:45 0 dr------- C:\Documents and Settings\Quiva.PUPPI\Favorites
2008-03-25 07:34:45 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Desktop
2008-03-25 07:34:45 0 d--hs---- C:\Documents and Settings\Quiva.PUPPI\Cookies
2008-03-25 07:34:45 0 d-------- C:\Documents and Settings\Quiva.PUPPI\Application Data
2008-03-25 07:34:44 0 d--h----- C:\Documents and Settings\Quiva.PUPPI\Templates
2008-03-25 07:34:44 0 dr------- C:\Documents and Settings\Quiva.PUPPI\Start Menu
2008-03-25 07:34:44 0 dr-h----- C:\Documents and Settings\Quiva.PUPPI\SendTo
2008-03-25 07:34:44 0 dr-h----- C:\Documents and Settings\Quiva.PUPPI\Recent
2008-03-25 07:34:44 0 d--h----- C:\Documents and Settings\Quiva.PUPPI\PrintHood
2008-03-25 07:34:44 4980736 --ah----- C:\Documents and Settings\Quiva.PUPPI\NTUSER.DAT
2008-03-25 07:34:44 0 d--h----- C:\Documents and Settings\Quiva.PUPPI\NetHood
2008-03-25 07:34:44 0 dr------- C:\Documents and Settings\Quiva.PUPPI\My Documents
2008-03-25 07:34:44 0 d--h----- C:\Documents and Settings\Quiva.PUPPI\Local Settings
2008-03-25 07:23:41 0 d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-24 15:39:19 2002 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-24 15:38:38 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-24 15:38:38 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-24 15:38:38 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-24 15:38:38 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-24 15:38:38 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-24 15:38:38 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-24 15:38:38 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-24 15:38:38 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-24 15:38:38 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-24 15:38:38 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-24 15:38:38 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-24 15:38:38 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2008-03-24 15:38:38 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-24 15:38:38 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-03-24 15:35:56 4096 --a------ C:\WINDOWS\system32taack.dat
2008-03-24 15:35:56 4096 --a------ C:\WINDOWS\system32ssvchost.com
2008-03-24 15:35:56 4096 --a------ C:\WINDOWS\system32hxiwlgpm.dat
2008-03-24 15:35:56 4096 --a------ C:\WINDOWS\system32bdn.com
2008-03-24 15:35:37 0 d-------- C:\Documents and Settings\All Users\Application Data\rqbevcxg
2008-03-24 15:35:36 114688 --a------ C:\WINDOWS\system32\lwrafadg.exe


-- Find3M Report ---------------------------------------------------------------

2008-04-21 00:51:07 17408 --a------ C:\WINDOWS\system32\host.dat
2008-04-16 15:00:07 0 d-------- C:\Program Files\Azureus
2008-04-11 14:57:22 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-06 10:36:08 0 d-------- C:\Program Files\World of Warcraft
2008-04-03 10:07:15 13775 --a------ C:\Documents and Settings\Quiva.PUPPI\Application Data\NMM-MetaData.db
2008-04-02 17:06:55 0 d-------- C:\Program Files\Common Files
2008-04-02 14:03:18 0 d-------- C:\Program Files\THQ
2008-03-17 20:45:56 0 d-------- C:\Program Files\SanDisk
2008-03-17 20:41:46 0 d-------- C:\Program Files\QuickTime
2008-03-17 20:40:29 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-03-16 19:59:03 0 --a------ C:\WINDOWS\PowerReg.dat
2008-03-16 19:58:17 0 d-------- C:\Program Files\Infogrames Interactive
2008-03-10 20:58:12 0 d-------- C:\Program Files\DOSBox-0.72
2008-03-10 14:35:28 0 d-------- C:\Program Files\Microprose
2008-03-06 02:28:19 0 d-------- C:\Program Files\PicaLoader
2008-03-01 19:35:58 0 d-------- C:\Program Files\illusion
2008-03-01 12:46:46 0 d-------- C:\Program Files\Electronic Arts
2008-03-01 12:10:00 0 d-------- C:\Program Files\Setup Files
2008-03-01 12:09:30 0 d-------- C:\Program Files\Realtek AC97
2008-02-27 21:50:54 0 d-------- C:\Program Files\SEGA
2008-02-21 05:17:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-21 05:04:38 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-11 01:13:15 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-10 20:00:09 8192 --a------ C:\WINDOWS\d3dx.dat
2008-02-09 23:44:01 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2008-02-09 11:03:17 0 -rahs---- C:\MSDOS.SYS
2008-02-09 11:03:17 0 -rahs---- C:\IO.SYS
2008-02-09 11:03:17 0 --a------ C:\CONFIG.SYS
2008-02-09 11:03:17 0 --a------ C:\AUTOEXEC.BAT
2008-02-09 11:00:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [11/05/2007 07:33 AM]
"nwiz"="nwiz.exe" [11/05/2007 07:33 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [11/05/2007 07:33 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [16/04/2007 06:54 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [04/08/2004 07:01 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:02 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [04/08/2004 07:02 AM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [27/12/2003 07:43 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" []
"SoundMan"="SOUNDMAN.EXE" [17/11/2006 04:42 AM C:\WINDOWS\soundman.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [17/03/2008 08:41 PM]
"SansaDispatch"="C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe" [22/10/2007 11:52 AM]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [15/06/2006 12:36 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 09:26 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 10:43 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"ShowDeskFix"=regsvr32 /s /n /i:u shell32

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 9:05:26 PM]
D-Link AirPlus.lnk - C:\Program Files\D-Link AirPlus\AirPlus.exe [21/04/2008 2:18:26 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"SHQvlXwi3B"=C:\Documents and Settings\All Users\Application Data\rqbevcxg\luxujwdo.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8323 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-21 16:35:02 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3500+
Percentage of Memory in Use: 18%
Physical Memory (total/avail): 2047.48 MiB / 1659.19 MiB
Pagefile Memory (total/avail): 3940.18 MiB / 3718.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.48 MiB

C: is Fixed (NTFS) - 465.75 GiB total, 383.62 GiB free.
D: is CDROM (UDF)
E: is Fixed (NTFS) - 74.53 GiB total, 1.81 GiB free.
F: is Fixed (NTFS) - 37.26 GiB total, 25.45 GiB free.
G: is CDROM (No Media)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE1 - Maxtor 6E040L0 - 37.27 GiB - 1 partition
\PARTITION0 - Installable File System - 37.26 GiB - F:

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - E:

\\.\PHYSICALDRIVE2 - WDC WD5000AAKS-65YGA0 - 465.76 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 465.75 GiB - C:

\\.\PHYSICALDRIVE3 - SanDisk Cruzer Crossfire USB Device - 1953.22 MiB - 1 partition
\PARTITION0 - 16-bit FAT - 1959.21 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Quiva.PUPPI\Application Data
CLASSPATH=C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PUPPI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Quiva.PUPPI
LOGONSERVER=\\PUPPI
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 7 Stepping 10, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=070a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\QUIVA~1.PUP\LOCALS~1\Temp
TMP=C:\DOCUME~1\QUIVA~1.PUP\LOCALS~1\Temp
USERDOMAIN=PUPPI
USERNAME=Quiva
USERPROFILE=C:\Documents and Settings\Quiva.PUPPI
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Quiva (admin)
Quiva.PUPPI (admin)
Quivz (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
Crysis® --> MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
D-Link AirPlus --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDC74FE6-5224-11D6-B27F-00E0181A6FA8}\Setup.exe" -l0x9
DAEMON Tools --> MsiExec.exe /I{83895843-3A51-4C93-9DF3-2BDB65C7E54A}
Darkstar One --> "C:\Program Files\Darkstar One\unins000.exe"
Dawn of War - Dark Crusade --> C:\Program Files\InstallShield Installation Information\{FF39FC01-819B-42E4-AE49-1968AF12DDD4}\setup.exe -runfromtemp -l0x0009 -removeonly
Dawn of War - Soulstorm --> "C:\Program Files\InstallShield Installation Information\{20533183-D42D-4261-A125-956736FBEA8C}\setup.exe" -runfromtemp -l0x0009 -removeonly
Dawn Of War - Winter Assault --> MsiExec.exe /X{DD8408E9-9421-484F-979D-DB6361E3E828}
DawnOfWar --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{362D5167-9716-44BE-89FD-BF9EB6EF814B}
Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ILLUSION ????3 --> MsiExec.exe /X{E4D02EF2-6F12-4BE9-9928-2F27DA01A915}
ILLUSION BattleRaper2 --> MsiExec.exe /I{32470264-B8B8-408E-A404-73A9DF16B8FE}
K-Lite Codec Pack 3.4.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Leisure Suit Larry - Magna Cum Laude --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A31289C6-04EF-4437-A35B-7CC96167145C}
Master of Orion 3 --> C:\PROGRA~1\INFOGR~1\MASTER~1\UNWISE.EXE C:\PROGRA~1\INFOGR~1\MASTER~1\INSTALL.LOG
Master of Orion II --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Microprose\Orion2\DeIsL1.isu"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Neverwinter Nights 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
Nokia Connectivity Cable Driver --> MsiExec.exe /X{6882DD11-33B8-4DEA-8305-7E765BF74BD3}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{59359B3D-ABE7-46BF-AB55-43B67A64DC68}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia themes for your device --> MsiExec.exe /I{77F5816C-64A6-4FBE-BBE5-52EFE5EB84E8}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
Oblivion --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Peggle Deluxe 1.0 --> C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Phantasy Star Online --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{778D5912-DF4A-4019-A654-3505151D0756} /l1033
PicaLoader 1.47.1231 --> "C:\Program Files\PicaLoader\UninsHs.exe"
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1041
RagnarokOnline --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA45673E-CFF3-4098-A6D9-5587258553FC}\setup.exe" -l0x9 -removeonly
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\Setup.exe" -l0x9 -removeonly
Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Sansa Updater --> C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9 -removeonly
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
TubeHunter Ultra --> MsiExec.exe /I{6951AFF1-7E53-4BD7-AB1F-4DB10549A8FC}
VirtuaGirl --> C:\PROGRA~1\Vg\UNWISE.EXE C:\PROGRA~1\Vg\INSTALL.LOG
VirtuaGirl HD --> C:\Documents and Settings\Quiva.PUPPI\Start Menu\Programs\VirtuaGirl HD\uninstall.lnk
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1316 / Error
Event Submitted/Written: 04/21/2008 01:46:07 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mmc.exe, version 5.2.3790.2843, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1315 / Error
Event Submitted/Written: 04/21/2008 01:44:12 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mmc.exe, version 5.2.3790.2843, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1313 / Error
Event Submitted/Written: 04/21/2008 01:23:48 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application explorer.exe, version 6.0.2900.2894, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1310 / Error
Event Submitted/Written: 04/21/2008 00:50:28 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SDUpdate.exe, version 1.0.8.8, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1307 / Error
Event Submitted/Written: 04/20/2008 11:31:47 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application acrord32.exe, version 7.0.8.218, faulting module acrord32.dll, version 7.0.8.218, fault address 0x000fc7c6.
Processing media-specific event for [acrord32.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9237 / Warning
Event Submitted/Written: 04/21/2008 03:28:09 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 00400528C528. The IP address being used is 169.254.12.14.

Event Record #/Type9235 / Warning
Event Submitted/Written: 04/21/2008 03:28:06 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00400528C528. The following
error occurred:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type9233 / Warning
Event Submitted/Written: 04/21/2008 03:27:29 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00400528C528. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type9232 / Warning
Event Submitted/Written: 04/21/2008 03:27:29 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00400528C528. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type9228 / Warning
Event Submitted/Written: 04/21/2008 03:27:26 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00400528C528. The following
error occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.



-- End of Deckard's System Scanner: finished at 2008-04-21 16:35:02 ------------

Edited by Quiva, 21 April 2008 - 02:52 AM.




#2 Quiva

Quiva
  • Topic Starter

  • Members
  • 2 posts
  • Local time:03:15 AM

Posted 27 April 2008 - 05:35 PM

Okay, so I still have no idea what happened, but it looks like I wasn't hacked or ad-bombed or anything else. It appears after all that, it was a simple program error that hung the network and somehow forced Windows to disconnect from the DHCP server. The culprit? Adobe Reader automatic update reminder. I finally found the halfway downloaded and installed files and deleted them while in safe mode (access was denied in normal as it tries to use the corrupted files as soon as I log on) and now everything appears peachy again. But now I have to shoot off to uni for the day and I get Grand Theft Auto IV tonight so it looks like I won't be playing MMORPGs for a bit anyway. I'd say thanks for the help, but you didn't do nothing.
TTFN
Ta-Ta For Now

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location: 65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:04:15 AM

Posted 28 April 2008 - 07:28 AM

Thanks for informing us that you found and fixed the problem yourself.

Should you find other problems, please begin a new topic.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



