
Windows Encountered Problem And Must Now Close


  • This topic is locked
2 replies to this topic

#1 morbz


Posted 10 May 2008 - 02:50 AM

Okay, so I have done all that has been asked. Here it is, please help.

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 510.42 MiB / 165.96 MiB
Pagefile Memory (total/avail): 1247.73 MiB / 931.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.89 MiB

C: is Fixed (FAT32) - 26.38 GiB total, 0.28 GiB free.
D: is Fixed (FAT32) - 26.55 GiB total, 11.73 GiB free.
E: is CDROM (CDFS)
F: is Removable (FAT)

\\.\PHYSICALDRIVE1 - SD3 Device - 121.25 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 121.2 MiB - F:

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 3 partitions
\PARTITION0 - Unknown - 2.93 GiB
\PARTITION1 (bootable) - Unknown - 26.39 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 26.57 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: ZoneAlarm Firewall v6.5.737.000 (Zone Labs, Inc.)
AV: AVG 7.5.524 v7.5.524 (Grisoft)
AV: Norton AntiVirus v2004 (Symantec Corporation) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Delta Ops\\Bin\\DeltaOps.exe"="C:\\Program Files\\Delta Ops\\Bin\\DeltaOps.exe:*:Disabled:DeltaOps"
"D:\\Games\\Black And White\\runblack.exe"="D:\\Games\\Black And White\\runblack.exe:*:Enabled:lh"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"D:\\LimeWire\\LimeWire.exe"="D:\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe"="D:\\Unreal Tournament\\Unreal Tournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"D:\\BitTorrent\\bittorrent.exe"="D:\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\David\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ACER-C6BAC00326
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\David
LOGONSERVER=\\ACER-C6BAC00326
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\Quicktime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\AUTODE~1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d06
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\David\LOCALS~1\Temp
TMP=C:\DOCUME~1\David\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=ACER-C6BAC00326
USERNAME=David
USERPROFILE=C:\Documents and Settings\David
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

David (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
Acer ePowerManagement --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\Setup.exe" -l0x9
Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\SETUP.EXE" -uninstall
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2002 --> MsiExec.exe /I{5783F2D7-0101-0409-0000-0060B0CE6BBA}
AVG Free Edition --> C:\Program Files\Grisoft\AVG Free\setup.exe /UNINSTALL
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitTorrent 5.0.9 --> "D:\BitTorrent\uninstall.exe"
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CC_ccStart --> MsiExec.exe /I{D6414CC7-F215-467F-88B1-546ED863F35B}
ccCommon --> MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
Conexant AC-Link Audio --> CIAunwdm.exe
Cool Edit Pro 2.0 --> C:\Program Files\coolpro2\cep2unin.exe
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iPod for Windows 2005-03-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{44A537A5-859C-43A6-8285-C0668142A090} /l1033
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kelly Slater's Pro Surfer™ --> MsiExec.exe /X{A4479693-378E-49EB-AD5A-C5A8B2BC097A}
Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
LimeWire 4.12.11 --> "D:\LimeWire\uninstall.exe"
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
LucasArts' Star Wars: Episode I Racer --> C:\WINDOWS\uninst.exe -fd:\Starwars\DeIsL1.isu
Macromedia Flash MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash Player --> MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
MSRedist --> MsiExec.exe /I{FC37ABD0-2108-4beb-B010-1254E0662B5A}
Norton AntiVirus 2004 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2004 (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NTI Backup NOW! 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4E68EAA3-775A-4542-A08A-47DB8E8E74A6} /l1033 BUNText
NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778} /l1033 AnyText
OpenMG Limited Patch 3.4-04-17-06-01 --> C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-04-17-06-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 3.4.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26C849AB-1865-412D-B87D-B18BC5CB6C60}\setup.exe" -l0x9 UNINSTALL
PokerStars --> "C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Search Bar --> regsvr32 /u /s "C:\Program Files\Deskbar\deskbar.dll"
Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snes9x --> C:\WINDOWS\iun3405.exe d:\chris\Snes9x
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_00641025\HXFSETUP.EXE -U -Iqta00645.inf
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Symantec Script Blocking Installer --> MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
SymNet --> MsiExec.exe /I{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{23C7348E-131C-4BFF-9763-2C804D6B87AE}
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Videora iPod nano Converter 3.07 --> D:\videora ipod video converta\Video Converter 3\uninstaller.exe
VobSub v2.05 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WinAce Archiver --> "C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type13739 / Error
Event Submitted/Written: 05/10/2008 08:55:48 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x71ab664d.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type13733 / Error
Event Submitted/Written: 05/09/2008 05:21:02 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x01cd00a9.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type13726 / Error
Event Submitted/Written: 05/09/2008 04:09:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x71ab664d.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type13714 / Error
Event Submitted/Written: 05/08/2008 10:31:14 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module unknown, version 0.0.0.0, fault address 0x71ab664d.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type13707 / Warning
Event Submitted/Written: 05/08/2008 00:20:36 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'OUTLOOKNonBootFiles' failed during request for component '{72C23EF9-E5CF-11D1-A17F-00A0C90AB50F}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type62531 / Error
Event Submitted/Written: 05/10/2008 08:56:12 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
vspf
vspf_hk

Event Record #/Type62530 / Error
Event Submitted/Written: 05/10/2008 08:56:12 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Network Monitor service failed to start due to the following error:
%%2

Event Record #/Type62501 / Error
Event Submitted/Written: 05/09/2008 04:09:42 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
vspf
vspf_hk

Event Record #/Type62500 / Error
Event Submitted/Written: 05/09/2008 04:09:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Network Monitor service failed to start due to the following error:
%%2

Event Record #/Type62488 / Warning
Event Submitted/Written: 05/08/2008 10:56:55 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000E357DFE77. The IP address being used is 169.254.147.147.



-- End of Deckard's System Scanner: finished at 2008-05-10 09:40:15 ------------




Deckard's System Scanner v20071014.68
Run by David on 2008-05-10 09:37:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
5: 2008-05-10 08:37:17 UTC - RP662 - Deckard's System Scanner Restore Point
4: 2008-05-08 19:42:29 UTC - RP661 - System Checkpoint
3: 2008-05-07 15:16:00 UTC - RP660 - System Checkpoint
2: 2008-05-04 19:09:56 UTC - RP659 - System Checkpoint
1: 2008-05-03 15:52:23 UTC - RP658 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).
System Drive C: has 0.28 GiB (less than 15%) free.


-- HijackThis (run as David.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:41 AM, on 5/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\iuttzid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\David\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://blackle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [tnge1877] RUNDLL32.EXE w001be8a.dll,n 004e18730000000a001be8a
O4 - HKLM\..\Run: [newname] C:\\nwnmff_e14.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e14.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Serviece Agents] iuttzid.exe
O4 - HKLM\..\RunServices: [Windows Serviece Agents] iuttzid.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Windows Serviece Agents] iuttzid.exe
O4 - HKCU\..\Policies\Explorer\Run: [{320D180E-063E-1033-1012-040410080001}] "C:\Program Files\Common Files\{320D180E-063E-1033-1012-040410080001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\party poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Games\party poker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

--
End of file - 9359 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080507-171730-687 O4 - HKLM\..\Run: [Disk Knight] C:\WINDOWS\Knight.exe
backup-20080507-171730-604 O4 - HKLM\..\Run: [msnmgnr] C:\WINDOWS\system32\msnmgnr.exe
backup-20080507-171730-384 O4 - HKLM\..\RunServices: [Windows Serviece Agents] hlnxcza.exe
backup-20080507-171730-779 O4 - HKLM\..\RunServices: [msnmgnr] C:\WINDOWS\system32\msnmgnr.exe
backup-20080507-171730-594 O4 - HKLM\..\RunServices: [hotefix] msnmanegers.exe
backup-20080507-171730-416 O4 - HKCU\..\Run: [Windows Serviece Agents] hlnxcza.exe
backup-20080507-171730-683 O4 - HKCU\..\Run: [hotefix] msnmanegers.exe
backup-20080507-171730-882 O4 - HKUS\S-1-5-18\..\RunOnce: [hotefix] msnmanegers.exe (User 'SYSTEM')
backup-20080507-173112-978 F2 - REG:system.ini: Shell=Explorer.exe msnmngr.exe
backup-20080507-173112-971 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
backup-20080507-173149-817 O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

-- File Associations -----------------------------------------------------------

.scr - AutoCADScriptFile - shell\open\command - C:\WINDOWS\NOTEPAD.EXE "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R1 SbcpHid - c:\windows\system32\drivers\sbcphid.sys
R2 EpmPsd (Acer EPM Power Scheme Driver) - c:\windows\system32\drivers\epm-psd.sys <Not Verified; Acer Value Labs, USA; Acer EPM Power Scheme Driver>
R2 EpmShd (Acer EPM System Hardware Driver) - c:\windows\system32\drivers\epm-shd.sys <Not Verified; Acer Value Labs, USA; Acer EPM System Hardware Driver>
R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows ® 2000 DDK provider; OSA int15 Driver Version 2.0.2>
R3 DKbFltr (Dritek HotKey Keyboard Filter Driver) - c:\windows\system32\drivers\dkbfltr.sys <Not Verified; Dritek System Inc.; Dritek MMKey>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S1 vspf - c:\windows\system32\drivers\vspf5.sys (file missing)
S1 vspf_hk - c:\windows\system32\drivers\vspf_hk5.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 Network Monitor - c:\program files\network monitor\netmon.exe service (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-09 21:00:18 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job
2008-05-03 20:41:12 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-06-07 13:21:50 412 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-04-10 and 2008-05-10 -----------------------------

2008-05-10 09:19:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-10 09:19:46 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-10 09:19:44 0 d-------- C:\WINDOWS\LastGood
2008-05-08 22:43:54 221532 --a------ C:\nzm1.exe
2008-05-07 17:14:43 0 d-------- C:\Program Files\Trend Micro
2008-05-06 20:09:23 254464 --a------ C:\nzm4.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-09 22:58:40 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-05-07 17:53:50 80848 --a------ C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2008-04-07 13:42:22 212 --a------ C:\WINDOWS\recover.reg
2008-04-02 19:16:04 0 d-------- C:\Program Files\PokerStars
2008-03-24 11:17:58 0 d-------- C:\Program Files\Western Digital Technologies


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [05/20/2004 07:57 PM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [05/20/2004 07:57 PM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00 AM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 05:00 AM C:\WINDOWS\system32\bthprops.cpl]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [08/27/2004 04:50 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/15/2004 09:10 PM]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [07/14/2004 02:19 PM]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [09/01/2004 05:38 PM]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [07/30/2004 11:30 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/22/2004 05:45 PM]
"tnge1877"="w001be8a.dll" []
"newname"="C:\\nwnmff_e14.exe" []
"defender"="C:\\dfndrff_e14.exe" []
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [04/28/2008 11:28 AM]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [08/23/2006 11:38 PM]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [09/25/2006 06:03 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/2007 03:43 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\Quicktime\qttask.exe" [01/31/2008 11:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/04/2008 02:18 PM]
"Windows Serviece Agents"="iuttzid.exe" [06/13/2007 11:23 AM C:\WINDOWS\system32\iuttzid.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [09/22/2006 09:19 PM]
"Windows Serviece Agents"="iuttzid.exe" [06/13/2007 11:23 AM C:\WINDOWS\system32\iuttzid.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Windows Serviece Agents"=iuttzid.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"hotefix"=msnmanegers.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{320D180E-063E-1033-1012-040410080001}"="C:\Program Files\Common Files\{320D180E-063E-1033-1012-040410080001}\Update.exe" mc-110-12-0000140

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29477f20-05eb-11dc-b5d0-000e357dfe77}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a9411c0-d649-11dc-b731-000e357dfe77}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4463a390-1daf-11dc-b5f8-000e357dfe77}]
AutoRun\command- F:\
explore\Command- RECYCLER\INFO.exe
open\Command- RECYCLER\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55470650-1460-11dd-b792-000e357dfe77}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73dda631-d721-11d9-b1ef-806d6172696f}]
AutoRun\command- D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{859dc850-7c16-11dc-b698-000e357dfe77}]
auto\command- F:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- F:\Knight.exe open
find\command- F:\Knight.exe open
install\command- F:\Knight.exe open
open\command- F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a93c8f0-f0dd-11db-b598-000e357dfe77}]
auto\command- F:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- F:\Knight.exe open
find\command- F:\Knight.exe open
install\command- F:\Knight.exe open
open\command- F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a6f32811-ea30-11d9-b232-000e357dfe77}]
auto\command- F:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- F:\Knight.exe open
find\command- F:\Knight.exe open
install\command- F:\Knight.exe open
open\command- F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a765a050-edc6-11db-b592-000e357dfe77}]
auto\command- F:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- F:\Knight.exe open
find\command- F:\Knight.exe open
install\command- F:\Knight.exe open
open\command- F:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a765a058-edc6-11db-b592-000e357dfe77}]
auto\command- H:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- H:\Knight.exe open
find\command- H:\Knight.exe open
install\command- H:\Knight.exe open
open\command- H:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b65998e0-45e2-11dc-b62c-000e357dfe77}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e
Open\command- Boot.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5d6d8a0-7536-11da-b336-000e357dfe77}]
AutoRun\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
open\command- F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db15b320-80a8-11dc-b6aa-000e357dfe77}]
auto\command- G:\Knight.exe open
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
explore\command- G:\Knight.exe open
find\command- G:\Knight.exe open
install\command- G:\Knight.exe open
open\command- G:\Knight.exe open

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e20dcd00-8d35-11dc-b6c8-000e357dfe77}]
AutoRun\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe
open\command- RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e71c2dd0-f993-11dc-b766-000e357dfe77}]
AutoRun\command- G:\wd_windows_tools\setup.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAX5-90401C608512}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe



-- End of Deckard's System Scanner: finished at 2008-05-10 09:40:15 ------------



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:01:50 AM

Posted 31 May 2008 - 11:34 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes


Posted 11 June 2008 - 08:01 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



