Help needed with my hijackthis log


This topic is locked. 12 replies to this topic.

#1 AsnTsunami (Members, 9 posts)

Posted 06 October 2008 - 06:06 PM

Hey community,

I just recently reformatted my computer and I'm experiencing some trouble with my CPU usage.
I'm playing a game named Lineage2, and recently I was getting spikes from the game. Before I was
having problems I could run 4 clients without any problems at all. Now I even get spikes when I start 1 client.

Please take a look at my log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:40 AM, on 10/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Lineage II\system\Game_Guard.des
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1220216946812
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

--
End of file - 2981 bytes
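As an added example (not code from the original post, and not part of HijackThis itself), the Python script below parses a log in the HijackThis 2.0 format shown above and flags the kinds of entries a reviewer checks first: registry entries whose target file is missing (the `(no file)` BHO), services with no publisher name (`Unknown owner`), Run entries that name a bare executable with no path (resolved through the system search path rather than an explicit location), and autoruns launched from user-writable folders. The triage rules, the `Entry` class and the sample excerpt are my own; the excerpt is constructed from lines in the format above plus one invented `[updater]` line to exercise the user-writable rule. A flag means "verify this", not a malware verdict.

```python
"""Triage a HijackThis 2.0 log: parse its sections and flag the entries a
reviewer should look at first.  Added example, not part of the original
post or of HijackThis itself; the sample log is a constructed excerpt."""
import re
from dataclasses import dataclass, field

# Constructed excerpt in the HijackThis log format seen in the thread.  The
# "[updater]" Run entry is invented here to exercise the user-writable rule.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
"""

# Section lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")
# A command is "qualified" if it starts with a drive letter, an environment
# variable or a UNC path, optionally quoted; anything else is resolved via
# the search path at logon.
QUALIFIED_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%[^%]+%|\\\\)')
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def parse_log(text):
    """Return (running_processes, section_entries) from a HijackThis log."""
    processes, entries = [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # the process list ends at the blank line
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            processes.append(line)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["section"], m["body"]))
    return processes, entries


def triage(entries):
    """Attach review flags to entries and return only the flagged ones."""
    for e in entries:
        if "(no file)" in e.body:
            e.flags.append("orphaned: registry entry points at a missing file")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("service without a publisher name: verify the binary")
        if e.section == "O4":
            cmd = e.body.split("] ", 1)[-1]
            if not QUALIFIED_RE.match(cmd):
                e.flags.append("autorun with no path: resolved via the search path")
            if any(s in cmd.lower() for s in USER_WRITABLE):
                e.flags.append("autorun from a user-writable location")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    print(f"{len(procs)} processes, {len(ents)} entries")
    for e in triage(ents):
        print(f"{e.section}: {e.body}\n    -> {'; '.join(e.flags)}")
```

Run it against a full log by replacing `SAMPLE_LOG` with the file contents; the `Running processes:` list is kept separately so it can be compared against the O4/O23 entries when deciding what to investigate next.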


#2 AsnTsunami (Topic Starter)

Posted 07 October 2008 - 06:40 AM

upupupup!!!!

#3 AsnTsunami (Topic Starter)

Posted 07 October 2008 - 11:17 AM

no one can help me? T_T

#4 AsnTsunami (Topic Starter)

Posted 07 October 2008 - 08:09 PM

REPLY PLEASEE!!! HELP NEEDED!!!

#5 AsnTsunami (Topic Starter)

Posted 08 October 2008 - 08:18 AM

HELP!!!!!!!!!!!! IM DESPERATEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE

#6 Farbar (Security Developer, 21,716 posts, The Netherlands)

Posted 11 October 2008 - 04:13 PM

Hi AsnTsunami,

I am sorry for the delay; we are at times overwhelmed by the number of logs and have a limited number of volunteers.

The truth is that bumping might delay a reply to the request in two ways. Firstly, the topic is no longer an old one when you bump it, and secondly, it might create the impression among the volunteers that someone is pushy.

Anyway, what I see in the log, apart from a minor issue, is the small size of the HijackThis entries.

In order to have a better picture of what is wrong please do the following:

Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Set File age to 60 days.
  • Type in the Custom Scans section: hijackthisbackups
  • Click Run Scan button.
  • Two reports will open; copy and paste them into your reply:
  • OTViewIt.txt <-- will be opened
  • Extra.txt <-- will be minimized


#7 AsnTsunami (Topic Starter)

Posted 12 October 2008 - 05:56 AM

I'm sorry for seeming pushy in any way; I'm new to this and didn't know.
My sincere apologies!

Anyway, this is the extras.txt:

OTViewIt Extras logfile created on: 10/12/2008 12:55:04 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Feng Wu\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.29% Memory free
4.00 Gb Paging File | 3.22 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 21.15 Gb Free Space | 54.16% Space Free | Partition Type: NTFS
Drive D: | 97.88 Gb Total Space | 30.83 Gb Free Space | 31.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 161.14 Gb Total Space | 159.48 Gb Free Space | 98.97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FENGWU
Current User Name: Feng Wu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/09/05 19:15:54 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/12/07 15:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/12/07 15:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}"=Lineage II
"{0A7FBF0B-F96C-B34F-7627-0F93C9A8FABD}"=Skins
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{554E0167-0B53-B866-9512-44B766FABAAF}"=ccc-utility
"{55574205-0833-A7A2-FD0D-D1520E5469DD}"=CCC Help English
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{6A4C13C8-39F5-305C-44DE-CD26E1DE0DD6}"=Catalyst Control Center Graphics Full New
"{6E19F210-3813-4002-B561-94D66AA182B6}"=Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{82E760D8-F344-3DE4-134D-2D782E31AACF}"=Catalyst Control Center Core Implementation
"{91BFB889-7BDE-E3BB-A622-068DB5202B0F}"=Catalyst Control Center Graphics Previews Common
"{9D622363-9235-E8F0-380C-D9114D77FB52}"=ccc-core-static
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}"=Dual-Core Optimizer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{C9DD3547-2B8B-B451-F479-30F8B05ED6D6}"=Catalyst Control Center Graphics Full Existing
"{D6E00160-F372-F959-A54C-ABDE5E03B170}"=ccc-core-preinstall
"{E5D3E730-1EF6-7876-358A-41C0E61475F5}"=Catalyst Control Center Graphics Light
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Instant CD & DVD Burner_is1"=Instant CD & DVD Burner
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.6.5
"Lineage 2 Frintezza Full"=Lineage 2 Frintezza Full 1.2
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"WinRAR archiver"=WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2008 5:11:41 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:12:16 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:13:37 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:14:42 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:17:09 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:18:21 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2008 9:12:42 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2008 7:21:46 AM | Computer Name = FENGWU | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 10ed, P8 0, P9 system.objectdisposedexception, P10
NIL.

Error - 10/10/2008 3:40:01 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application Game_Guard.des, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2008 5:49:04 AM | Computer Name = FENGWU | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 10ed, P8 0, P9 system.objectdisposedexception, P10
NIL.

[ System Events ]
Error - 10/8/2008 7:53:54 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 2:54:59 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 5:31:18 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 6:20:54 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 6:21:03 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/9/2008 7:43:10 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 8:33:16 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 8:33:36 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 3:44:23 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 6:49:22 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library


< End of report >



OTViewIt.txt


#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:42 AM

Posted 12 October 2008 - 06:57 AM

It is OK, it happened without knowing or intending.


Could you please post OTViewIt.txt too?

#9 AsnTsunami

AsnTsunami
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 12 October 2008 - 07:55 AM

I posted the OTViewIt

OTViewIt Extras logfile created on: 10/12/2008 12:55:04 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Feng Wu\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.29% Memory free
4.00 Gb Paging File | 3.22 Gb Available in Paging File | 80.41% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 21.15 Gb Free Space | 54.16% Space Free | Partition Type: NTFS
Drive D: | 97.88 Gb Total Space | 30.83 Gb Free Space | 31.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 161.14 Gb Total Space | 159.48 Gb Free Space | 98.97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FENGWU
Current User Name: Feng Wu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 60 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 14:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
[2008/09/05 19:15:54 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/12/07 15:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - Microsoft OLE DB Moniker Binder for Internet Publishing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2002/05/24 12:22:16 | 00,532,480 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/12/07 15:08:02 | 01,934,672 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler])

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}"=ATI Catalyst Control Center
"{076A6FD8-EE45-4A83-B3C9-C7C34E7CAFDD}"=Lineage II
"{0A7FBF0B-F96C-B34F-7627-0F93C9A8FABD}"=Skins
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}"=Windows Live Mail
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}"=Windows Live Messenger
"{554E0167-0B53-B866-9512-44B766FABAAF}"=ccc-utility
"{55574205-0833-A7A2-FD0D-D1520E5469DD}"=CCC Help English
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.6
"{6A4C13C8-39F5-305C-44DE-CD26E1DE0DD6}"=Catalyst Control Center Graphics Full New
"{6E19F210-3813-4002-B561-94D66AA182B6}"=Atheros Communications Inc.® L1 Gigabit Ethernet Driver
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}"=Microsoft .NET Framework 2.0
"{82E760D8-F344-3DE4-134D-2D782E31AACF}"=Catalyst Control Center Core Implementation
"{91BFB889-7BDE-E3BB-A622-068DB5202B0F}"=Catalyst Control Center Graphics Previews Common
"{9D622363-9235-E8F0-380C-D9114D77FB52}"=ccc-core-static
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}"=Dual-Core Optimizer
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}"=Windows Live installer
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live Sign-in Assistant
"{C9DD3547-2B8B-B451-F479-30F8B05ED6D6}"=Catalyst Control Center Graphics Full Existing
"{D6E00160-F372-F959-A54C-ABDE5E03B170}"=ccc-core-preinstall
"{E5D3E730-1EF6-7876-358A-41C0E61475F5}"=Catalyst Control Center Graphics Light
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}"=Catalyst Control Center - Branding
"All ATI Software"=ATI - Software Uninstall Utility
"ATI Display Driver"=ATI Display Driver
"Instant CD & DVD Burner_is1"=Instant CD & DVD Burner
"KLiteCodecPack_is1"=K-Lite Mega Codec Pack 3.6.5
"Lineage 2 Frintezza Full"=Lineage 2 Frintezza Full 1.2
"Microsoft .NET Framework 2.0"=Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.1)"=Mozilla Firefox (3.0.1)
"Teamspeak 2 RC2_is1"=TeamSpeak 2 RC2
"WinRAR archiver"=WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2008 5:11:41 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:12:16 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:13:37 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:14:42 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:17:09 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/16/2008 5:18:21 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application InstantCDBurner.exe, version 2.9.5.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/21/2008 9:12:42 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/10/2008 7:21:46 AM | Computer Name = FENGWU | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 10ed, P8 0, P9 system.objectdisposedexception, P10
NIL.

Error - 10/10/2008 3:40:01 PM | Computer Name = FENGWU | Source = Application Hang | ID = 1002
Description = Hanging application Game_Guard.des, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2008 5:49:04 AM | Computer Name = FENGWU | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 469cdc9c, P4 mscorlib,
P5 2.0.0.0, P6 4333ab80, P7 10ed, P8 0, P9 system.objectdisposedexception, P10
NIL.

[ System Events ]
Error - 10/8/2008 7:53:54 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 2:54:59 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 5:31:18 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 6:20:54 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/8/2008 6:21:03 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/9/2008 7:43:10 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 8:33:16 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 8:33:36 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 3:44:23 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library

Error - 10/11/2008 6:49:22 PM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
Description = CPLIB :: Open Session - Failed to load the library


< End of report >

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:12:42 AM

Posted 12 October 2008 - 09:52 AM

You have posted the extras.txt thrice: twice in the same post and once more in the last post. As you may notice, the heading and the content are the same for all three logs you have posted. What I need to see is OTViewIt.txt, not extras.txt; it is the other log and doesn't resemble this log.

I'm sorry for seeming pushy in any way, I'm new to this and didn't know.
My sincere apologies!

Anyways, this is the extras.txt

OTViewIt Extras logfile created on: 10/12/2008 12:55:04 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Feng Wu\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



< End of report >



OTViewIt.txt <----------- this is yours; the log is the same as above.

OTViewIt Extras logfile created on: 10/12/2008 12:55:04 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Feng Wu\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy




I posted the OTViewIt

OTViewIt Extras logfile created on: 10/12/2008 12:55:04 PM - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Feng Wu\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy



#11 AsnTsunami

AsnTsunami
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:12:42 AM

Posted 12 October 2008 - 10:13 AM

I'm so sorry xD, forgive my noobness~!! Hope this one is the right one~

OTViewIt logfile created on: 10/12/2008 5:12:17 PM - Run 3
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Feng Wu\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.71% Memory free
4.00 Gb Paging File | 2.84 Gb Available in Paging File | 71.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 21.15 Gb Free Space | 54.15% Space Free | Partition Type: NTFS
Drive D: | 97.88 Gb Total Space | 30.83 Gb Free Space | 31.49% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 161.14 Gb Total Space | 159.48 Gb Free Space | 98.97% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FENGWU
Current User Name: Feng Wu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/08/21 04:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2008/08/21 04:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2002/04/12 02:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
[2001/12/13 02:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe
[2007/07/05 16:08:00 | 16,380,416 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2007/12/07 15:08:02 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
[2007/10/18 11:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[2007/12/07 15:08:02 | 02,051,016 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
[2004/08/04 14:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008/09/28 23:01:34 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe
[2004/08/04 14:00:00 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[2007/09/20 10:35:36 | 00,118,336 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/02/18 01:58:18 | 01,610,887 | ---- | M] (BAKE ICE) -- C:\Program Files\Lineage II\Frintezza.exe
[2008/01/29 17:33:52 | 00,495,636 | -H-- | M] () -- C:\Program Files\Lineage II\system\Game_Guard.des
[2008/01/29 17:33:52 | 00,495,636 | -H-- | M] () -- C:\Program Files\Lineage II\system\Game_Guard.des
[2008/01/29 17:33:52 | 00,495,636 | -H-- | M] () -- C:\Program Files\Lineage II\system\Game_Guard.des
[2003/08/29 16:13:04 | 01,436,160 | ---- | M] (Dominating Bytes Design) -- C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
[2008/10/12 12:53:43 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Feng Wu\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/21 04:05:57 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/20 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
[2002/04/12 02:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service [Auto | Running])
[2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/06/29 14:47:34 | 00,034,304 | ---- | M] (AMD, Inc.) -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD [On_Demand | Running])
File not found -- C:\DOCUME~1\FENGWU~1\LOCALS~1\Temp\AMDPCI.sys -- (AMDPCI [On_Demand | Stopped])
[2007/04/16 21:46:00 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM [System | Running])
[2008/02/24 14:27:00 | 00,037,376 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001 [On_Demand | Running])
[2008/08/21 06:52:41 | 03,299,840 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2004/10/15 12:50:20 | 00,015,295 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb [On_Demand | Stopped])
[2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2007/07/10 09:56:00 | 04,449,280 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2004/08/13 12:56:20 | 00,005,810 | R--- | M] () -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor [On_Demand | Running])
[2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2004/08/04 14:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/07/24 22:09:40 | 00,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\Program Files\Lineage II\system\npkcrypt.sys -- (npkcrypt [On_Demand | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.nl/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.nl/

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

Hosts file not found

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Alcmtr"=ALCMTR.EXE (Realtek Semiconductor Corp.)
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
"RTHDCPL"=RTHDCPL.EXE (Realtek Semiconductor Corp.)
"SkyTel"=SkyTel.EXE (Realtek Semiconductor Corp.)
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun (Advanced Micro Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1957994488-1292428093-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/08/04 01:06:34 | 01,667,584 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery
Extension\.pdf: Adobe Acrobat -- C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll [2008/06/11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.)

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1220216946812 -- WUWebControl Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://www.update.microsoft.com/microsoftu...b?1223428298424 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07

========== (O17) DNS Name Servers ==========

{AF0D642A-E3E2-45E1-8846-2FE6843D3E7E} (Servers: | Description: Atheros L1 Gigabit Ethernet 10/100/1000Base-T Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/08/31 22:12:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/12 12:53:43 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Feng Wu\Desktop\OTViewIt.exe
[2008/10/10 23:52:54 | 00,020,537 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strngr.srt
[2008/10/10 23:52:54 | 00,005,675 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\the.strangers.(3344949).nfo
[2008/10/10 23:37:09 | 02,674,688 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.sub
[2008/10/10 23:37:09 | 00,056,492 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.idx
[2008/10/10 23:37:00 | 73,397,2480 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.avi
[2008/10/09 19:47:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/10/09 19:47:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Application Data\Sun
[2008/10/09 19:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2008/10/09 19:46:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/10/09 13:01:33 | 00,488,448 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\e-ticket_SJT17Y_5069603.doc
[2008/10/08 14:53:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2008/10/08 14:44:25 | 00,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
[2008/10/08 14:44:24 | 00,000,000 | ---D | C] -- C:\Program Files\AMD
[2008/10/08 14:44:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\Downloaded Installations
[2008/10/08 14:40:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\TouchStoneSoftware
[2008/10/08 03:22:02 | 00,270,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2008/10/08 03:22:02 | 00,029,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2008/10/08 03:13:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2008/10/08 03:11:57 | 00,025,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/10/08 02:53:24 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
[2008/10/08 02:53:24 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys
[2008/10/08 02:39:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Application Data\InstallShield
[2008/10/07 00:55:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/10/06 23:45:27 | 00,000,000 | ---D | C] -- C:\Program Files\Lineage II
[2008/10/01 20:26:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Feng Wu\Application Data\Brother
[2008/10/01 20:25:12 | 00,000,477 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/01 20:25:12 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/01 20:25:10 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\brsvc01a.bsi
[2008/10/01 20:25:10 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/10/01 20:21:38 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/10/01 20:21:38 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/10/01 20:21:34 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2008/10/01 20:21:34 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2008/10/01 20:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\Adobe
[2008/10/01 20:16:44 | 00,000,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2008/10/01 20:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/10/01 20:16:25 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2008/10/01 20:16:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/10/01 20:16:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008/10/01 20:16:16 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2008/10/01 20:16:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Desktop\Adobe Reader 9 Installer
[2008/10/01 20:15:26 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2008/10/01 20:15:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/29 17:19:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Application Data\vlc
[2008/09/29 17:18:53 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2008/09/23 21:10:30 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/09/22 12:21:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\Identities

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2008/10/12 12:53:43 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Feng Wu\Desktop\OTViewIt.exe
[2008/10/12 11:55:35 | 00,000,656 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\Frintezza.lnk
[2008/10/12 11:49:37 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\Feng Wu\My Documents\My Sharing Folders.lnk
[2008/10/12 11:48:58 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/12 11:48:57 | 00,044,964 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2008/10/12 11:48:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/12 03:53:16 | 06,416,386 | -H-- | M] () -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\IconCache.db
[2008/10/12 01:53:43 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 19:20:26 | 00,000,477 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2008/10/11 19:20:26 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2008/10/11 13:22:50 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/10 00:27:56 | 00,020,537 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strngr.srt
[2008/10/10 00:27:56 | 00,005,675 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\the.strangers.(3344949).nfo
[2008/10/09 13:01:35 | 00,488,448 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\e-ticket_SJT17Y_5069603.doc
[2008/10/08 14:53:48 | 00,091,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/08 14:44:31 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2008/10/08 02:45:43 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/10/06 20:52:13 | 02,674,688 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.sub
[2008/10/06 20:52:12 | 00,056,492 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.idx
[2008/10/06 20:40:40 | 73,397,2480 | ---- | M] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.avi
[2008/10/01 20:25:10 | 00,000,184 | ---- | M] () -- C:\WINDOWS\System32\brsvc01a.bsi
[2008/10/01 20:25:10 | 00,000,030 | ---- | M] () -- C:\WINDOWS\System32\brss01a.ini
[2008/10/01 20:16:44 | 00,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2008/10/01 20:16:25 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2008/09/28 20:36:30 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe
[2008/09/23 21:10:30 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
< End of report >

#12 Farbar

  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 12 October 2008 - 11:39 AM

No apology needed, I know it is confusing for many users.

  • Your log(s) show that you are using so called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow sharing files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

    It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

    Note: The startup entry pointing at ALCMTR.EXE is a "Spyware" entry related to Realtek, used silently to monitor one's actions. It is not a sinister one and you can remove the startup entry without affecting the function of the Realtek software. We have just removed the startup entry but not the file itself. Notice that you should not remove the file itself because it is needed for the subsequent updating of the software.

  • You are missing one important program on that computer: An antivirus.
    This is somewhat suicidal in today's digital world.
    You need to install an antivirus program as soon as you can. Besides the paid antivirus programs there are also some free antivirus programs:
  • I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.
    Click for more information on: Understanding and Using Firewalls
    There are several good free programs available like:
    Sunbelt-Kerio
    Comodo Firewall Pro
    Online Armor Free edition

    Note: If you decide to install Comodo, while installing uncheck the option related to Ask Toolbar.

  • Apart from that your log looks clean. Your problem is not malware related.
    I think when you reformatted you installed new drivers. The drivers you have installed have bugs and the trouble starts from there. Looking at the log I see two recent instances of failing Catalyst Control Center and more instances of failing ati2mtag, which is the ATI Display Driver. That is where you have to search for the solution. Sometimes you have to roll back the driver to a previous version, but this doesn't apply to you. Sometimes finding the most recent driver, uninstalling the old driver and installing the updated one helps.

    In any case knowing your problem is not malware related you may start a topic here http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

    You may mention the following error in your post:

    [ System Events ]
    Error - 10/8/2008 7:53:54 AM | Computer Name = FENGWU | Source = ati2mtag | ID = 52225
    Description = CPLIB :: Open Session - Failed to load the library


Good luck!
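For anyone triaging a report like the one posted above, here is an added Python example (not Farbar's code and not part of OTViewIt or HijackThis) that parses the "Files/Folders - Created Within 30 Days" style lines into records and lists binaries under the Windows directory that carry no publisher string, the same kind of entry a helper looks for by eye when judging whether a log is clean. The sample lines are copied from this thread; the publisher-missing heuristic and the function names are my own assumptions and are only a prioritisation aid, not a verdict on any file.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One OTViewIt file line, e.g.
#   [2008/10/08 02:53:24 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd
#   [2008/10/09 19:47:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
# Fields: timestamp | size | attributes (R,H,S,D) | C=created / M=modified, then an
# optional "(Company)" taken from the file's version resource, then "-- path",
# optionally followed by a file-system tag such as "-- [ NTFS ]".
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+?)(?: -- \[ \w+ \])?$"
)

# Binary extensions worth a second look when they carry no publisher string.
BINARY_SUFFIXES = (".exe", ".dll", ".sys", ".vxd", ".ocx", ".drv", ".scr", ".cpl")


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when the report printed "()" or no publisher at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[FileEntry]:
    """Parse one report line; return None for headers and summary lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    company = m.group("company")
    return FileEntry(
        timestamp=m.group("ts"),
        # Sizes carry thousands separators, sometimes unevenly grouped
        # (e.g. 73,397,2480 in this thread), so strip the commas rather than trust them.
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=company or None,
        path=m.group("path"),
    )


def parse_report(lines: Iterable[str]) -> List[FileEntry]:
    """Parse every recognisable file line, silently skipping everything else."""
    return [e for e in (parse_line(ln) for ln in lines) if e is not None]


def unattributed_windows_binaries(entries: List[FileEntry]) -> List[FileEntry]:
    """Triage heuristic (assumption, not OTViewIt logic): binaries under the Windows
    directory that carry no company/publisher string.

    Legitimate drivers and helper files can lack a version resource (nppt9x.vxd in
    the sample is one), so each hit still needs a hash lookup or a check of the
    installer that dropped it before anything is touched.
    """
    hits = []
    for e in entries:
        p = e.path.lower()
        if e.is_dir or not p.startswith("c:\\windows\\"):
            continue
        if p.endswith(BINARY_SUFFIXES) and e.company is None:
            hits.append(e)
    return hits


# Constructed sample: lines copied from the report posted in this thread.
SAMPLE_LINES = [
    r"[1 C:\WINDOWS\System32\*.tmp files]",
    r"[2008/08/31 22:12:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]",
    r"[2008/10/10 23:37:00 | 73,397,2480 | ---- | C] () -- C:\Documents and Settings\Feng Wu\Desktop\dash-strangers.avi",
    r"[2008/10/09 19:47:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun",
    r"[2008/10/08 14:44:25 | 00,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys",
    r"[2008/10/08 03:22:02 | 00,270,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll",
    r"[2008/10/08 02:53:24 | 00,005,174 | ---- | C] () -- C:\WINDOWS\System32\nppt9x.vxd",
    r"[2008/10/08 02:53:24 | 00,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\WINDOWS\System32\npptNT2.sys",
    r"[2008/10/08 14:44:31 | 00,000,223 | RHS- | M] () -- C:\boot.ini",
    r"[2008/09/28 20:36:30 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winlogon.exe",
]


if __name__ == "__main__":
    for hit in unattributed_windows_binaries(parse_report(SAMPLE_LINES)):
        print(f"{hit.timestamp}  {hit.size:>10}  {hit.path}")
```

Run it against a saved report by passing the file's lines to `parse_report`; the summary lines such as `[3 C:\WINDOWS\*.tmp files]` and the section headers are ignored, and directory entries are kept so that dates of newly created program folders can be correlated with the entries that concern you.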

#13 Farbar

  • Security Developer
  • 21,716 posts
  • Gender:Male
  • Location:The Netherlands

Posted 21 October 2008 - 02:34 AM

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.

This applies only to the original topic starter. Everyone else please begin a New Topic.



