Some Dangerous Trojan Horses Detected In Your System Please Download


  • This topic is locked
2 replies to this topic

#1 uhking

Posted 03 July 2008 - 01:13 AM

Deckard's System Scanner v20071014.68
Run by Umair on 2008-07-03 11:46:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-07-03 05:46:35 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 80% (more than 75%).
Total Physical Memory: 254 MiB (512 MiB recommended).


-- HijackThis (run as Umair.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:54, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\MDaemon\WebAdmin\WebAdmin.exe
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\Engineering\Technical\Weigher and Packing Machine\Technical Assistance\Soft\Game\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Umair.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = fei:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VideoCodec Class - {926A61C9-5C20-4583-ACA7-ACE21088816E} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: Answers... - file://C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fei.com.pk
O17 - HKLM\Software\..\Telephony: DomainName = fei.com.pk
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B559F3-98F9-4BD3-9653-C7E6E523A119}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fei.com.pk
O17 - HKLM\System\CS1\Services\Tcpip\..\{32B559F3-98F9-4BD3-9653-C7E6E523A119}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fei.com.pk
O17 - HKLM\System\CS2\Services\Tcpip\..\{32B559F3-98F9-4BD3-9653-C7E6E523A119}: NameServer = 192.168.0.1
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WebAdmin - Alt-N Technologies, Ltd. - C:\MDaemon\WebAdmin\WebAdmin.exe

--
End of file - 7337 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 NaiFsRec - c:\windows\system32\drivers\naifsrec.sys
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 NaiFiltr - c:\program files\common files\network associates\mcshield\naifiltr.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AvSynMgr (AVSync Manager) - "c:\program files\network associates\virusscan\avsynmgr.exe"
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 WebAdmin - c:\mdaemon\webadmin\webadmin.exe <Not Verified; Alt-N Technologies, Ltd.; WebAdmin>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-03 and 2008-07-03 -----------------------------

2008-07-03 11:17:27 81920 --a------ C:\WINDOWS\system32\404Fix.exe <Not Verified; S!Ri.URZ; 404Fix>
2008-07-03 11:17:26 86528 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-07-03 11:17:25 82944 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-07-03 11:17:24 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-03 11:17:24 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-07-03 11:17:24 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-03 11:17:23 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-07-03 11:17:23 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-07-03 11:04:24 0 d-------- C:\Documents and Settings\Umair\SmitfraudFix <SMITFR~1>
2008-07-03 10:36:45 3310 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-03 10:26:54 0 d-------- C:\Documents and Settings\Umair\Application Data\Malwarebytes
2008-07-03 10:26:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 10:26:43 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 09:08:06 0 d-------- C:\Program Files\Enigma Software Group
2008-07-02 11:51:24 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-07-02 11:51:24 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-07-02 11:51:24 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-07-02 11:51:24 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-02 11:51:24 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-02 11:51:13 0 d-------- C:\Program Files\Trojan Remover
2008-07-02 11:51:13 0 d-------- C:\Documents and Settings\Umair\Application Data\Simply Super Software
2008-07-02 11:51:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-07-02 11:15:22 86528 --a------ C:\WINDOWS\system32\herdloev.dll
2008-07-02 10:20:23 3164 --a------ C:\WINDOWS\17PHolmes1535.exe
2008-07-02 08:23:44 0 --a------ C:\WINDOWS\system32\w32apiw.dll
2008-07-02 08:23:42 0 d-------- C:\Documents and Settings\Umair\Application Data\nCleaner
2008-07-01 14:50:55 0 d-------- C:\Program Files\Lavasoft
2008-07-01 14:49:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-27 16:21:37 1152 --a------ C:\WINDOWS\system32\windrv.sys
2008-06-27 16:21:02 0 d-------- C:\Program Files\Common Files\Download Manager
2008-06-27 10:22:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-27 09:36:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-26 15:32:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-06-26 13:43:38 0 d-------- C:\Program Files\Trend Micro
2008-06-26 12:38:35 101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-06-26 11:58:45 0 dr-h----- C:\Documents and Settings\Umair\Recent
2008-06-26 08:31:20 18944 --a------ C:\WINDOWS\system32\ksadio.dll
2008-06-26 07:55:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2008-06-25 13:54:40 0 d-------- C:\Documents and Settings\Umair\Application Data\Proxima Software
2008-06-25 10:54:09 0 d-------- C:\Program Files\GetData
2008-06-25 10:53:45 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 11:30:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Anvsoft
2008-06-23 11:27:49 0 d-------- C:\WINDOWS\aim95
2008-06-23 11:27:30 61952 --a------ C:\WINDOWS\system32\nabapi32.dll <Not Verified; Netscape Communications Corporation; Netscape Communications Address Book API>
2008-06-23 11:27:16 634087 --a------ C:\WINDOWS\cd32.exe
2008-06-23 11:26:46 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-23 11:26:36 0 d-------- C:\Documents and Settings\Umair\WINDOWS
2008-06-23 11:20:51 0 d-------- C:\Documents and Settings\Umair\.spamassassin
2008-06-23 11:16:51 155648 --a------ C:\WINDOWS\system32\SSCE5232.dll <Not Verified; Wintertree Software Inc.; Sentry Spelling-Checker Engine>
2008-06-23 11:16:06 44544 --a------ C:\WINDOWS\system32\msxml4a.dll <Not Verified; Microsoft Corporation; Microsoft® MSXML 4.0 SP1>
2008-06-23 11:16:04 107530 --a------ C:\WINDOWS\system32\xcdsfx32.bin <Not Verified; Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com; The Xceed Zip Compression Library>
2008-06-23 11:15:00 0 d-------- C:\MDaemon
2008-06-23 10:58:50 0 d-------- C:\Documents and Settings\Umair\Application Data\GlobalSCAPE
2008-06-21 12:45:04 0 d-------- C:\Program Files\NKProds
2008-06-21 10:29:06 0 d-------- C:\Documents and Settings\Umair\dwhelper
2008-06-20 12:57:32 0 d-------- C:\Program Files\Realtek Sound Manager
2008-06-20 12:57:29 0 d-------- C:\Program Files\AvRack
2008-06-20 12:57:27 208896 -----n--- C:\WINDOWS\alcupd.exe <Not Verified; Realtek Semiconductor Corp.; Update Application for Realtek AC'97>
2008-06-20 12:57:27 135168 -----n--- C:\WINDOWS\alcrmv.exe <Not Verified; Realtek Semiconductor Corp.; Realtek AC'97 Removing Tool>
2008-06-20 12:51:31 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-20 10:29:44 0 d-------- C:\Program Files\Common Files\Sagekey Software
2008-06-20 09:44:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-20 08:41:33 0 d-------- C:\Documents and Settings\Umair\Application Data\Eyeblaster
2008-06-19 12:14:43 0 d-------- C:\Program Files\Yahoo!
2008-06-19 12:02:26 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-19 12:02:01 0 d-------- C:\Documents and Settings\Umair\Application Data\MSNInstaller
2008-06-19 11:43:01 0 d-------- C:\Program Files\QuickTime
2008-06-19 11:42:53 0 d-------- C:\Program Files\Xilisoft
2008-06-13 16:50:10 0 d-------- C:\Documents and Settings\Umair\Application Data\CyberLink
2008-06-13 16:48:41 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-12 13:19:37 0 d-------- C:\Program Files\Calc98b
2008-06-12 13:16:26 0 d-------- C:\Program Files\Calc98
2008-06-12 08:31:05 0 d-------- C:\Program Files\Engineering Power Tools - Plus Edition v2.0.4
2008-06-11 12:30:37 0 d-------- C:\Documents and Settings\Rais\Application Data\MSNInstaller
2008-06-10 21:39:00 229376 --a------ C:\WINDOWS\system32\RichVideoCodec.dll <Not Verified; IRCodecs; RichVideoCodec>
2008-06-10 13:09:54 0 d-------- C:\Program Files\MyOrkut
2008-06-07 14:52:38 0 d-------- C:\Documents and Settings\Umair\Application Data\Fireshot
2008-06-07 14:52:38 0 d--hs---- C:\Documents and Settings\All Users\Application Data\System Restore
2008-06-07 14:46:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-07 08:53:43 0 d-------- C:\Documents and Settings\LocalService\Application Data\WinRAR
2008-06-07 08:23:55 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-06-07 08:23:42 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-06-07 08:23:41 0 d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-06-07 08:23:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Mozilla
2008-06-06 15:32:26 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-06 12:33:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-06-06 12:31:47 274432 --a------ C:\WINDOWS\TLCUninstall.exe <Not Verified; Riverdeep Interactive Learning Limited; Launcher>
2008-06-06 12:31:46 0 d-------- C:\Program Files\Broderbund
2008-06-04 15:43:46 0 d-------- C:\Documents and Settings\Umair\Application Data\Talkback


-- Find3M Report ---------------------------------------------------------------

2008-07-01 14:49:17 0 d-------- C:\Program Files\Common Files
2008-06-27 16:29:51 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-26 12:02:46 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-26 11:02:36 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-26 10:39:27 0 d-------- C:\Program Files\Common Files\Adobe
2008-06-23 12:23:09 40485 --a------ C:\WINDOWS\nsreg.dat
2008-06-23 11:27:49 0 d-------- C:\Program Files\Netscape
2008-06-21 11:56:34 0 d-------- C:\Program Files\1-Click Answers
2008-06-20 12:53:41 0 d-------- C:\Documents and Settings\Umair\Application Data\Real
2008-06-20 12:51:27 0 d-------- C:\Program Files\Common Files\Real
2008-06-20 08:39:33 0 d-------- C:\Documents and Settings\Umair\Application Data\GameHouse
2008-06-19 12:02:18 0 d-------- C:\Program Files\pdf995
2008-06-07 14:46:11 0 d-------- C:\Program Files\Google
2008-06-04 16:23:40 10185 --a------ C:\WINDOWS\mozver.dat
2008-05-19 16:05:58 0 d-------- C:\Program Files\OFFICE-KIT.COM
2008-05-19 16:05:44 0 d-------- C:\Program Files\MyPublisher
2008-05-19 15:58:13 0 d-------- C:\Documents and Settings\Umair\Application Data\MyPublisher
2008-05-16 09:10:35 0 d-------- C:\Documents and Settings\Umair\Application Data\HP
2008-05-15 12:44:35 0 d-------- C:\Program Files\TypeFaster
2008-05-15 12:41:37 0 d-------- C:\Documents and Settings\Umair\Application Data\Adobe
2008-05-15 10:34:41 112410 --a------ C:\WINDOWS\hpoins07.dat
2008-05-15 10:19:05 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-15 10:17:49 0 d-------- C:\Program Files\Common Files\HP
2008-05-15 10:11:09 0 d-------- C:\Program Files\Hewlett-Packard
2008-05-15 10:10:56 0 d-------- C:\Program Files\HP
2008-05-15 10:04:44 0 d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-15 09:49:24 0 d-------- C:\Program Files\JawsSystems
2008-05-14 11:41:36 0 d-------- C:\Documents and Settings\Umair\Application Data\WinRAR
2008-05-12 16:47:51 0 d-------- C:\Documents and Settings\Umair\Application Data\pdf995
2008-05-12 11:47:20 0 d-------- C:\Documents and Settings\Umair\Application Data\Office-Kit.com
2008-05-12 11:46:20 0 d-------- C:\Program Files\Office-Kit
2008-05-07 17:03:34 249856 --a------ C:\WINDOWS\system32\pdfmona.dll <Not Verified; TODO: <Company name>; TODO: <Product name>>
2008-05-07 17:03:34 51716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-17 21:48:04 62 --ahs---- C:\Documents and Settings\Umair\Application Data\desktop.ini
2008-04-17 17:28:43 105168 --a------ C:\WINDOWS\NSUninst.exe
2008-04-17 17:28:18 105168 --a------ C:\WINDOWS\GREUninstall.exe
2008-04-17 16:58:58 0 -rahs---- C:\MSDOS.SYS
2008-04-17 16:58:58 0 -rahs---- C:\IO.SYS
2008-04-17 16:58:58 0 --a------ C:\CONFIG.SYS
2008-04-17 16:58:58 0 --a------ C:\AUTOEXEC.BAT
2008-04-17 16:55:10 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{926A61C9-5C20-4583-ACA7-ACE21088816E}]
10/06/2008 21:39 229376 --a------ C:\WINDOWS\system32\RichVideoCodec.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [16/10/2002 00:18]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [16/10/2002 00:05]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [03/08/2004 23:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [03/08/2004 23:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03/08/2004 23:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [03/08/2004 23:32]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/08/2004 18:00]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [12/05/2005 00:12]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [20/06/2008 12:50]
"SoundMan"="SOUNDMAN.EXE" [24/04/2003 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [29/04/2008 10:10]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [11/01/2008 19:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 18:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [17/04/2008 5:51:23 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qwc38.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-07-03 11:49:55 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.26GHz
Percentage of Memory in Use: 64%
Physical Memory (total/avail): 253.8 MiB / 90.29 MiB
Pagefile Memory (total/avail): 2240.53 MiB / 1872.75 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.6 MiB

C: is Fixed (NTFS) - 19.53 GiB total, 9.15 GiB free.
D: is Fixed (FAT32) - 17.73 GiB total, 2.74 GiB free.

\\.\PHYSICALDRIVE0 - ST340014A - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 17.73 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Umair\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=STATION56
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Umair
LOGONSERVER=\\STATION56
MOZ_CRASHREPORTER_DATA_DIRECTORY=C:\Documents and Settings\Umair\Application Data\Mozilla\Firefox\Crash Reports
MOZ_CRASHREPORTER_RESTART_ARG_0=C:\Program Files\Mozilla FireFox\firefox.exe
MOZ_CRASHREPORTER_STRINGS_OVERRIDE=C:\Program Files\Mozilla FireFox\crashreporter-override.ini
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla FireFox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Umair\LOCALS~1\Temp
TMP=C:\DOCUME~1\Umair\LOCALS~1\Temp
USERDOMAIN=STATION56
USERNAME=Umair
USERPROFILE=C:\Documents and Settings\Umair
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Umair (admin)
Rais
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1-Click Answers --> C:\Program Files\1-Click Answers\Answers.exe /Un
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat 8.1.2 Security Update 1 (KB403742) -->
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe CMM --> C:\Program Files\Common Files\Adobe\Installers\b7572144686c889e4039b734b60fbbd\Setup.exe
Adobe CMM --> MsiExec.exe /I{42362C04-7187-4BB9-9B92-04216157E0EF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Setup --> MsiExec.exe /I{098F8AD3-DAC4-4B37-B9F8-4F9E92B41BE7}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AutoCAD 2004 --> MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Engineering Power Tools - Plus Edition v2.0.4 --> "C:\Program Files\Engineering Power Tools - Plus Edition v2.0.4\unins000.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla FireFox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Updater --> "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InPage 2005 --> C:\Program Files\InPage 2005 Professional\InPage 2005\Uninst.exe /pid:{7291D94A-872B-462C-A99F-37D37503CD9B} /asd
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® Extreme Graphics Driver Software --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java Web Start\uninst-javaws.exe"
Jaws PDF Creator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2A227E0-8DEC-11D2-A564-B2890D000000}\setup.exe" -Uninstall
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 Plugin --> MsiExec.exe /X{91057632-CA70-413C-B628-2D3CDBBB906B}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mavis Beacon Teaches Typing Deluxe 16 --> C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing Deluxe 16\Uninstall.xml"
McAfee VirusScan --> MsiExec.exe /I{87AEFD84-BC0D-11D4-B885-00508B022A51}
Microsoft Firewall Client --> MsiExec.exe /I{8C7A59A8-9ABE-459A-9A93-08C281A4A264}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla FireFox\uninstall\helper.exe
nCleaner second 2.3.4.0 --> C:\Program Files\NKProds\nCleaner\uninstall.exe
Netscape (7.2) --> C:\WINDOWS\NSUninst.exe /ua "7.2 (en)"
Phonetic --> MsiExec.exe /I{EF211EF4-14BE-4550-9858-9D286F16DAD7}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SafeCast Shared Components --> C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Trojan Remover 6.7.0 --> "C:\Program Files\Trojan Remover\unins000.exe"
TypeFaster Typing Tutor --> "C:\Program Files\TypeFaster\uninstall.exe"
Windows Internet Explorer 8 Beta 1 --> "C:\WINDOWS\ie8\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Xilisoft Video Converter 3 --> C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type1041 / Error
Event Submitted/Written: 07/03/2008 10:42:39 AM / 07/03/2008 10:42:40 AM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe took longer than 35000 ms to complete a request.

The process will be terminated.
Thread id : 1784 (0x6f8)

Thread address : 0x120dbcce

Thread message :

Build Nov 7 2001 22:53:54 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\Program Files\Common Files\HP\Memories Disc\2.0\hpodrend.exe
(@ 10003(29547)
10003(6031)
10003(5656)
10003(4359)
10003(3438)

Event Record #/Type1028 / Error
Event Submitted/Written: 07/02/2008 04:15:35 PM
Event ID/Source: 1015 / Winlogon
Event Description:
A critical system process, C:\WINDOWS\system32\lsass.exe, failed with status code 1. The machine
must now be restarted.

Event Record #/Type1016 / Error
Event Submitted/Written: 07/02/2008 02:59:07 PM / 07/02/2008 02:59:09 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe took longer than 35000 ms to complete a request.

The process will be terminated.
Thread id : 2060 (0x80c)

Thread address : 0x120e2344

Thread message :

Build Nov 7 2001 22:53:54 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\Program Files\Netscape\Netscape\Netscp.exe
(@ 10003(33438)
10003(25547)
10003(22719)
10010(22141)
24011(22141)

Event Record #/Type1014 / Error
Event Submitted/Written: 07/02/2008 00:24:51 PM
Event ID/Source: 5051 / McLogEvent
Event Description:
A thread in process C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe took longer than 35000 ms to complete a request.

The process will be terminated.
Thread id : 1008 (0x3f0)

Thread address : 0x120e1e57

Thread message :

Build Nov 7 2001 22:53:54 / 5200.2160
Object being scanned = \Device\HarddiskVolume1\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
(@ 10003(922)
10003(922)
10003(906)
10003(609)
10003(500)

Event Record #/Type996 / Error
Event Submitted/Written: 07/02/2008 10:56:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.2180, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [explorer.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10521 / Error
Event Submitted/Written: 07/03/2008 11:12:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type10518 / Error
Event Submitted/Written: 07/03/2008 11:09:07 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm

Event Record #/Type10517 / Error
Event Submitted/Written: 07/03/2008 11:07:49 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type10492 / Warning
Event Submitted/Written: 07/03/2008 10:56:56 AM / 07/03/2008 10:57:27 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type10491 / Warning
Event Submitted/Written: 07/03/2008 10:56:56 AM / 07/03/2008 10:57:27 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-07-03 11:49:55 ------------


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:50 PM

Posted 03 July 2008 - 05:23 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new DSS log

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:12:50 PM

Posted 22 July 2008 - 07:11 AM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.