Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus Won't Let Me Double-click To Open Files


  • This topic is locked This topic is locked
2 replies to this topic

#1 Zapprint

Zapprint

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:45 PM

Posted 12 May 2008 - 03:12 PM

I'm having issues with both of my PCs at work. The one I'm posting about now has developed an annoying habit of not letting me double-click on my external hard drive icon to open it. A minor thing, I know, especially compared to what my other computer is doing, but bothersome nonetheless. I have tried to run Kaspersky's but it locks up both my computers. Here are the logs for the Deckard's scan.

Thanks in advance for your help.



Deckard's System Scanner v20071014.68
Run by Administrator on 2008-05-12 14:47:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
62: 2008-05-12 19:47:41 UTC - RP106 - Deckard's System Scanner Restore Point
61: 2008-05-12 17:29:57 UTC - RP105 - Printer Driver Adobe PDF Converter Installed
60: 2008-05-12 16:31:35 UTC - RP104 - Installed StuffIt Standard
59: 2008-05-12 16:20:04 UTC - RP103 - Installed WinZip 11.2
58: 2008-05-11 19:44:41 UTC - RP102 - System Checkpoint


-- First Restore Point --
1: 2008-03-18 19:22:08 UTC - RP45 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:51:17 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\gtwatch.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\PhotoPRINT Select 2.50\Program\App2.exe
C:\WINDOWS\twain_32\L3U16\WATCH.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [CnwiDeviceAgent] C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Command WorkStation 4.lnk = C:\Program Files\Fiery\Command WorkStation 4\cws 4.exe
O4 - Global Startup: GARO Status Monitor.lnk = C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe
O4 - Global Startup: PhotoPRINT Select 2.50.lnk = C:\Program Files\PhotoPRINT Select 2.50\Program\App2.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\L3U16\WATCH.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1204544135390
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 8190 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R2 Par1284 - c:\program files\photoprint select 2.50\program\par1284.sys <Not Verified; Warp Nine Engineering; IEEE 1284 Driver>
R3 GT681x (%GrandTechICNameNT%) - c:\windows\system32\drivers\gt681x.sys <Not Verified; ; USB Scanner Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Adobe Version Cue CS2 - "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe" -win32service <Not Verified; Adobe Systems Incorporated; Adobe Version Cue CS2>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_71251462&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_71251462&REV_A2\3&2411E6FE&0&09
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-05-06 07:34:09 572 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job


-- Files created between 2008-04-12 and 2008-05-12 -----------------------------

2008-05-12 14:50:53 0 d-------- C:\Program Files\Trend Micro
2008-05-12 11:32:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Allume Systems
2008-05-12 11:31:51 0 d-------- C:\Program Files\Allume Systems
2008-05-12 11:20:08 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-05-10 10:44:02 0 d-------- C:\WINDOWS\system32\NtmsData
2008-05-07 15:42:07 45056 --a------ C:\WINDOWS\system32\cnwiop95.exe <Not Verified; CANON INC.; Canon IOS>
2008-05-07 15:42:07 106496 --a------ C:\WINDOWS\system32\cnwioc95.dll <Not Verified; CANON INC.; Canon IOS>
2008-05-07 15:31:25 0 d-------- C:\Documents and Settings\Administrator\Application Data\Help
2008-05-07 14:12:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Canon


-- Find3M Report ---------------------------------------------------------------

2008-05-12 12:30:29 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2008-05-12 12:28:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-12 11:32:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-11 14:14:09 0 --a------ C:\WINDOWS\TempFile
2008-05-08 10:15:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2008-05-07 15:44:45 0 d-------- C:\Program Files\Canon
2008-05-07 08:52:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\U3
2008-04-28 07:30:17 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-03-24 13:38:43 0 d-------- C:\Program Files\PhotoPRINT Select 2.50
2008-03-24 13:36:15 0 d-------- C:\Program Files\SafeNet Sentinel
2008-03-24 13:36:15 0 d-------- C:\Program Files\Common Files
2008-03-24 13:36:15 0 d-------- C:\Program Files\Common Files\SafeNet Sentinel
2008-03-24 13:34:34 6656 --a------ C:\WINDOWS\system32\haspvdd.dll <Not Verified; Aladdin Knowledge Systems.; Windows NT HASP Virtual Device Driver>
2008-03-24 13:34:34 383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-03-24 13:33:07 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-19 13:54:20 309061 --a------ C:\WINDOWS\system32\7100
2008-03-19 13:48:44 309068 --a------ C:\WINDOWS\system32\CLC 4000
2008-03-01 03:16:12 0 -rahs---- C:\MSDOS.SYS
2008-03-01 03:16:12 0 -rahs---- C:\IO.SYS
2008-03-01 03:16:12 0 --a------ C:\CONFIG.SYS
2008-03-01 03:16:12 0 --a------ C:\AUTOEXEC.BAT
2008-03-01 03:13:45 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
03/03/2008 11:18 AM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/10/2005 03:06 AM]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/10/2005 03:06 AM]
"SoundMan"="SOUNDMAN.EXE" [10/04/2005 05:12 PM C:\WINDOWS\SOUNDMAN.EXE]
"Gtwatch"="C:\WINDOWS\gtwatch.exe" [08/24/2001 02:18 PM]
"@"="" []
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [04/04/2005 09:58 PM]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/25/2008 08:47 PM]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [02/07/2008 01:49 AM]
"CnwiDeviceAgent"="C:\Program Files\Canon\GAROStatusMonitor\cnwida.exe" [05/17/2006 02:07 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 11:56 PM]
"updateMgr"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [03/30/2006 04:45 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [3/3/2008 9:45:11 AM]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 10:16:50 PM]
Command WorkStation 4.lnk - C:\Program Files\Fiery\Command WorkStation 4\cws 4.exe [3/5/2008 11:50:31 AM]
GARO Status Monitor.lnk - C:\Program Files\Canon\GAROStatusMonitor\cnwism.exe [5/7/2008 3:42:06 PM]
PhotoPRINT Select 2.50.lnk - C:\Program Files\PhotoPRINT Select 2.50\Program\App2.exe [3/24/2008 1:33:08 PM]
Watch.lnk - C:\WINDOWS\twain_32\L3U16\WATCH.exe [3/3/2008 9:05:31 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [4/28/2008 11:20:00 AM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0047be49-0bbf-11dd-a9ca-0013d3c10715}]
AutoRun\command- E:\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{427e0d1d-16dc-11dd-a9d4-0013d3c10715}]
AutoRun\command- E:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43555bb4-1b70-11dd-a9db-0013d3c10715}]
AutoRun\command- H:\l2f.cmd
explore\Command- H:\l2f.cmd
open\Command- H:\l2f.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{728809eb-eb9a-11dc-a9a1-0013d3c10715}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c3f1449-e937-11dc-a996-0013d3c10715}]
AutoRun\command- E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9c3f144a-e937-11dc-a996-0013d3c10715}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a037a813-f679-11dc-a9b6-0013d3c10715}]
Auto\command- Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9f4f40d-1785-11dd-a9d5-0013d3c10715}]
Auto\command- E:\Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f005da-e92a-11dc-a994-0013d3c10715}]
Auto\command- Start.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8d7479a-1c35-11dd-a9dc-0013d3c10715}]
AutoRun\command- l2f.cmd
explore\Command- l2f.cmd
open\Command- l2f.cmd




-- End of Deckard's System Scanner: finished at 2008-05-12 14:51:51 ------------



Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 X2 Dual Core Processor 4400+
CPU 1: AMD Athlon™ 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 39%
Physical Memory (total/avail): 1023.48 MiB / 624.03 MiB
Pagefile Memory (total/avail): 2460.75 MiB / 1945.96 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 298.08 GiB total, 281.88 GiB free.
D: is Fixed (FAT32) - 232.83 GiB total, 197.42 GiB free.
F: is CDROM (No Media)
G: is CDROM (Unformatted)

\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 298.08 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD2500JB-00REA0 USB Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 232.88 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Norton AntiVirus v15.5.0.23 (Symantec Corporation)
AV: Norton AntiVirus v15.5.0.23 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"="C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ZAP-A5AA4246655
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ZAP-A5AA4246655
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\COMMON~1\EFI;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\Fiery\COMMAN~1\plugins
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=ZAP-A5AA4246655
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
Version=;C:\PROGRA~1\COMMON~1\EFI
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

-->
--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
--> msiexec /i {46548E80-0409-0000-7E8A-45000F855001}
--> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
--> msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{307648F9-7FC0-11D6-A05F-00E081105A80}\setup.exe" -l0x9 remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71B02EA1-C47F-4626-852D-C72F80DEA754}\setup.exe" -l0x9 remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB6BBAD5-0AF0-4DC3-AA3B-17176C74EA46}\setup.exe" -l0x9 remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF057BEA-6699-4232-BE25-2AD37ECAB9D0}\setup.exe" -l0x9 remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 4.0 Sprint --> C:\WINDOWS\bitdeins.exe C:\PROGRA~1\ABBYYF~1.0SP\bitdeins.ini
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 2 --> C:\PROGRA~1\INSTAL~1\{0134A~1\setup.exe /relaunched/rootloc=f:\adobe creative suite 2.0/lang=0409
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Canon Digital Photo Print Pro --> MsiExec.exe /I{187C459B-CF8D-4626-9F7A-D5E8C2020B51}
Canon PosterArtist --> MsiExec.exe /I{B31A01BA-AE37-472E-9AD7-03EF56B972C9}
ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Command WorkStation 4 .2.0.45 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60A73620-3618-11D2-AD1A-006008A6ABE2}\setup.exe" -l0x9 remove
Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Crush'Em 2.0 --> C:\WINDOWS\Crush'Em 2.0\UNWISE.EXE C:\WINDOWS\Crush'Em 2.0\install.log
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
GARO Status Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66392B7C-C522-450D-97B7-B3E41E170C3B}\setup.exe" -l0x9
Intel® PRO Network Connections Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall SMALLBUSINESSR /dll OSETUP.DLL
Microsoft Office Small Business 2007 --> MsiExec.exe /X{91120000-00CA-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Network ScanGear Ver.2.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{ACFDE3C6-8686-11D9-A395-000E7F60AD33} UNINSTALL
Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}_15_5_0_23\Setup.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
PhotoPRINT Select 2.50 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A2D9684-5A62-432A-AB9A-A991D755E742}\SETUP.EXE" -l0x9 -removeonly
Puzzl'Em 1.0 Beta2 --> C:\WINDOWS\Puzzl'Em1.0Beta2\UNWISE.EXE C:\WINDOWS\Puzzl'Em1.0Beta2\install.log
ScanExpress A3 USB v1.4 --> C:\WINDOWS\twain_32\L3U16\UNINST.EXE
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sentinel Protection Installer 7.1.1 --> MsiExec.exe /I{D2E7A6EA-5853-426A-920D-12F4F250927E}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
StuffIt Standard --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{40ABF1E0-8B6F-4D32-B343-E19FA2F04B3C}
Suite Specific --> MsiExec.exe /I{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}
Symantec Real Time Storage Protection Component --> MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb949037) --> msiexec /package {91120000-00CA-0000-0000-0000000FF1CE} /uninstall {B4F188C6-6DBF-42A5-A8A3-3086D1A384F2}
W8400PG Media Configuration Tool --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52700DBF-7258-463C-9AEE-50121FFDD66B}\setup.exe" -l0x9
W8400PG Printer Driver Extra Kit --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8D54EF2-76DD-40ED-A03D-228AA1402D81}\setup.exe" -l0x9
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3470 / Error
Event Submitted/Written: 05/12/2008 01:57:56 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application cws 4.exe, version 4.2.0.45, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type3427 / Error
Event Submitted/Written: 05/10/2008 10:54:22 AM
Event ID/Source: 8019 / NTBackup
Event Description:
End Operation: Warnings or errors were encountered.

Consult the backup report for more details.

Event Record #/Type3321 / Error
Event Submitted/Written: 05/07/2008 03:54:55 PM
Event ID/Source: 1 / CanonPrinterDriver3
Event Description:
Entry Function: DrvDocumentPropertySheets, Base Address: 6A900000, Exception Address: 6AA09FD5, Exception Code: ACCESS_VIOLATION

Event Record #/Type3320 / Error
Event Submitted/Written: 05/07/2008 03:54:55 PM
Event ID/Source: 1 / CanonPrinterDriver3
Event Description:
Entry Function: DrvDocumentPropertySheets, Base Address: 6A900000, Exception Address: 6AA09FD5, Exception Code: ACCESS_VIOLATION

Event Record #/Type3317 / Warning
Event Submitted/Written: 05/07/2008 03:49:25 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-1033-0000-7760-000000000002}', feature 'PDFMakerForIE' failed during request for component ''



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type6163 / Warning
Event Submitted/Written: 05/12/2008 07:27:06 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\PREFERRE-3AAE75 on the network \Device\NetBT_Tcpip_{FB42D40B-2CCD-409E-9EE0-F405D94A613B}.
The data is the error code.

Event Record #/Type6159 / Warning
Event Submitted/Written: 05/12/2008 03:53:31 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type6125 / Warning
Event Submitted/Written: 05/11/2008 02:13:41 PM / 05/11/2008 02:14:06 PM
Event ID/Source: 30 / E1000
Event Description:
Intel® PRO/1000 GT Desktop Adapter
is set up for auto-negotiation but the link partner is not configured for auto-negotiation. A duplex mismatch may occur.

Event Record #/Type6080 / Error
Event Submitted/Written: 05/10/2008 10:42:53 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type6077 / Warning
Event Submitted/Written: 05/10/2008 10:42:13 AM / 05/10/2008 10:42:38 AM
Event ID/Source: 30 / E1000
Event Description:
Intel® PRO/1000 GT Desktop Adapter
is set up for auto-negotiation but the link partner is not configured for auto-negotiation. A duplex mismatch may occur.



-- End of Deckard's System Scanner: finished at 2008-05-12 14:51:51 ------------

BC AdBot (Login to Remove)

 


m

#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:45 PM

Posted 31 May 2008 - 11:57 AM

Hi,

The forums are really busy, that explains why logs get behind. If you still need some help, please start with posting a new log in this thread. Don't start with a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:11:45 PM

Posted 09 June 2008 - 07:23 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users