Bigdalt HijackThis log please help

Post by bigdalt » April 22nd, 2008, 10:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:12 PM, on 4/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dalton\Desktop\virus stuff\Bigdalt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
bigdalt
Regular Member
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Bigdalt HijackThis log please help

Post by ndmmxiaomayi » April 25th, 2008, 8:48 am

Hi,

Your HijackThis log is old. You posted on 23rd April (GMT+8), but the HijackThis scan was taken on 15th April.

Your HijackThis log is also rather short. I need to see some details.

Please do the following:

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double-click dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized; the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply. 1 log per reply please.
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Bigdalt HijackThis log please help

Post by bigdalt » April 26th, 2008, 9:48 pm

Deckard's System Scanner v20071014.68
Run by Dalton on 2008-04-26 20:41:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dalton.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:02 PM, on 4/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dalton\Desktop\dss.exe
C:\DOCUME~1\Dalton\Desktop\VIRUSS~1\Dalton.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-1343024091-1336601894-839522115-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1343024091-1336601894-839522115-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4330 bytes

-- Files created between 2008-03-26 and 2008-04-26 -----------------------------

2008-04-19 21:14:10 0 d-------- C:\Program Files\MySpace
2008-04-19 20:00:14 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-14 19:41:16 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-04-13 17:07:34 0 d-------- C:\Documents and Settings\Dalton\.housecall6.6
2008-04-13 17:06:39 0 d-------- C:\WINDOWS\Sun
2008-04-13 15:48:24 0 d--hs---- C:\WINDOWS\CSC
2008-04-07 10:02:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-07 09:25:40 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-04-07 09:24:58 35738 --a------ C:\WINDOWS\hosts
2008-04-02 20:31:01 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-02 20:31:01 2551 --a------ C:\WINDOWS\unins000.dat
2008-04-02 18:57:34 0 d-------- C:\Program Files\SpywareBlaster
2008-04-02 18:55:41 0 d-------- C:\Program Files\Panda Security
2008-04-01 23:31:19 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-01 20:11:42 1092 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-01 16:41:44 0 d-------- C:\Documents and Settings\Dalton\Incomplete
2008-03-29 10:36:19 0 d-------- C:\Documents and Settings\Dalton\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-04-26 19:25:57 0 d-------- C:\Documents and Settings\Dalton\Application Data\U3
2008-04-26 16:54:15 0 d-------- C:\Program Files\LimeWire
2008-04-19 20:00:14 0 d-------- C:\Program Files\Common Files
2008-04-15 21:26:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-13 16:06:35 0 d-------- C:\Program Files\Java
2008-04-13 15:33:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 22:02:24 0 d-------- C:\Documents and Settings\Dalton\Application Data\Ventrilo
2008-03-25 22:00:49 0 d-------- C:\Program Files\Ventrilo
2008-03-25 19:35:49 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-03 20:09:52 0 d-------- C:\Documents and Settings\Dalton\Application Data\Adobe
2008-03-03 20:09:37 1158 --a------ C:\WINDOWS\mozver.dat
2008-02-27 18:30:00 0 d-------- C:\Program Files\Seabyrd Technologies
2008-02-27 17:38:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-27 16:52:36 0 d-------- C:\Documents and Settings\Dalton\Application Data\Grisoft


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [02/01/2008 03:32 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dalton^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Dalton\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
"C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
"C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsLime]
"C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a89c12-da34-11dc-84b2-0016e6826927}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d7d25-befa-11db-82ed-0016e6826927}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-26 20:42:16 ------------
bigdalt
Regular Member
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Bigdalt HijackThis log please help

Post by ndmmxiaomayi » April 27th, 2008, 8:40 am

Hi,

You've not posted the extra.txt file. It can be found here: C:\Deckard\System Scanner\extra.txt

Please go to Virus Total or Jotti and upload C:\WINDOWS\system\SysSD.dll for scanning.

For Virus Total

  1. Please copy and paste C:\WINDOWS\system\SysSD.dll into the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\WINDOWS\system\SysSD.dll into the text box next to the Browse button.
  2. Click on Submit.

In your next reply, please post:

  1. DSS extra.txt (C:\Deckard\System Scanner\extra.txt)
  2. Virus Total or Jotti's scan results of C:\WINDOWS\system\SysSD.dll
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am
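A check worth doing once a scanner report like the one requested above comes back: the "Additional information" block of a VirusTotal result lists the file's size and digests, so the helper can confirm that the file actually uploaded was the 63-byte C:\WINDOWS\system\SysSD.dll and not some other file before trusting a clean verdict. The Python below is an added example, not code from this forum or from VirusTotal; it parses that block (the sample text is constructed here from the values bigdalt posts later in the thread) and compares it with digests computed locally. The function names are my own, and the local path in the usage note is a placeholder.

```python
import hashlib
import re

# Constructed sample in the 2008-era VirusTotal "Additional information"
# layout. The values are copied from the report posted in this thread; the
# SHA512 digest is wrapped onto a second line exactly as it appeared there.
VT_REPORT = """Additional information
File size: 63 bytes
MD5...: 32d30ac76911ff1fe5425ab7a37ca142
SHA1..: e37f2b5ed8874ee37599adb06f4b8d66b6536a4b
SHA256: def17372aa1c48de2e29b8a5144b46bfd374d1fd76aac2c638b99ccb536f2724
SHA512: 044c159dc4f516da1626871890747837b436cc44def068d6e3bf8a1d94b1d13d
81f41be1f59ec8f2e1903ee364687b97f396530389ba8b705ef07bfeab07859b
PEiD..: -
"""

# "MD5...:", "SHA1..:", "SHA256:" and "SHA512:" all use the same label shape,
# padded with dots to a fixed width.
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\.*:\s*([0-9a-fA-F]+)\s*$")
SIZE_LINE = re.compile(r"^File size:\s*(\d+)\s*bytes", re.IGNORECASE)
HEX_ONLY = re.compile(r"[0-9a-fA-F]+")

FIELDS = ("size", "md5", "sha1", "sha256", "sha512")


def parse_vt_report(text):
    """Return {'size': int, 'md5': str, 'sha1': str, 'sha256': str, 'sha512': str}.

    A digest may be wrapped onto a continuation line (as SHA512 is above), so a
    line consisting only of hex digits is appended to the preceding digest.
    """
    info = {}
    last = None  # name of the digest a bare hex line would continue
    for raw in text.splitlines():
        line = raw.strip()
        m = SIZE_LINE.match(line)
        if m:
            info["size"] = int(m.group(1))
            last = None
            continue
        m = HASH_LINE.match(line)
        if m:
            last = m.group(1).lower()
            info[last] = m.group(2).lower()
            continue
        if last and HEX_ONLY.fullmatch(line):
            info[last] += line.lower()
            continue
        last = None  # any other line ends a wrapped digest
    return info


def local_hashes(data):
    """Size and digests of an in-memory file, keyed like parse_vt_report."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def verify_sample(data, report_text):
    """Compare a local copy of the file with the report.

    Returns (all_match, [fields that disagree]); a field missing from the
    report is skipped rather than counted as a mismatch.
    """
    reported = parse_vt_report(report_text)
    local = local_hashes(data)
    bad = [k for k in FIELDS if k in reported and reported[k] != local[k]]
    return (not bad, bad)


def verify_file(path, report_text):
    """Same check for a file on disk (path is whatever was uploaded)."""
    with open(path, "rb") as f:
        return verify_sample(f.read(), report_text)


if __name__ == "__main__":
    # Demo on constructed bytes: these are not the real SysSD.dll, so every
    # field should disagree with the posted report.
    ok, mismatched = verify_sample(b"not the uploaded file", VT_REPORT)
    print("matches report:", ok, "| differing fields:", mismatched)
```

On the affected machine the same comparison is `verify_file(r"C:\WINDOWS\system\SysSD.dll", VT_REPORT)` (path as given in the thread; the report text would be pasted from the result page). Any field that differs means the scan verdict, clean or not, applies to a different file than the one the helper asked about.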

Re: Bigdalt HijackThis log please help

Post by bigdalt » April 28th, 2008, 9:44 pm

File SysSD.dll received on 04.29.2008 01:45:31 (CET)

Result:

Antivirus Version Last Update Result
AhnLab-V3 2008.4.29.0 2008.04.28 -
AntiVir 7.8.0.10 2008.04.28 -
Authentium 4.93.8 2008.04.27 -
Avast 4.8.1169.0 2008.04.28 -
AVG 7.5.0.516 2008.04.28 -
BitDefender 7.2 2008.04.28 -
CAT-QuickHeal 9.50 2008.04.28 -
ClamAV 0.92.1 2008.04.29 -
DrWeb 4.44.0.09170 2008.04.29 -
eSafe 7.0.15.0 2008.04.28 -
eTrust-Vet 31.3.5743 2008.04.29 -
Ewido 4.0 2008.04.28 -
F-Prot 4.4.2.54 2008.04.28 -
F-Secure 6.70.13260.0 2008.04.29 -
FileAdvisor 1 2008.04.29 -
Fortinet 3.14.0.0 2008.04.28 -
Ikarus T3.1.1.26 2008.04.29 -
Kaspersky 7.0.0.125 2008.04.29 -
McAfee 5283 2008.04.28 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3061 2008.04.28 -
Norman 5.80.02 2008.04.28 -
Panda 9.0.0.4 2008.04.27 -
Prevx1 V2 2008.04.29 -
Rising 20.42.02.00 2008.04.28 -
Sophos 4.28.0 2008.04.29 -
Sunbelt 3.0.1056.0 2008.04.17 -
Additional information
File size: 63 bytes
MD5...: 32d30ac76911ff1fe5425ab7a37ca142
SHA1..: e37f2b5ed8874ee37599adb06f4b8d66b6536a4b
SHA256: def17372aa1c48de2e29b8a5144b46bfd374d1fd76aac2c638b99ccb536f2724
SHA512: 044c159dc4f516da1626871890747837b436cc44def068d6e3bf8a1d94b1d13d81f41be1f59ec8f2e1903ee364687b97f396530389ba8b705ef07bfeab07859b
PEiD..: -

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of Memory in Use: 51%
Physical Memory (total/avail): 1023.48 MiB / 497.55 MiB
Pagefile Memory (total/avail): 2461.8 MiB / 1946.3 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.27 GiB total, 20.26 GiB free.
D: is Fixed (FAT32) - 37.24 GiB total, 37.19 GiB free.
E: is CDROM (CDFS)
F: is Fixed (NTFS) - 37.31 GiB total, 28.4 GiB free.

\\.\PHYSICALDRIVE0 - SAMSUNG SV4002H - 37.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.31 GiB - F:

\\.\PHYSICALDRIVE1 - WDC WD800JD-08MSA1 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 37.25 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.516 v7.5.516 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Documents and Settings\\Dalton\\My Documents\\nexuiz-v222\\Nexuiz\\nexuiz.exe"="C:\\Documents and Settings\\Dalton\\My Documents\\nexuiz-v222\\Nexuiz\\nexuiz.exe:*:Enabled:Nexuiz"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"F:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"="F:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\utorrent.exe"="F:\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Documents and Settings\\Dalton\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Dalton\\Desktop\\utorrent.exe:*:Disabled:µTorrent"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Disabled:ArmyOps"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Disabled:BitTorrent"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Disabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"F:\\World of Warcraft\\Repair.exe"="F:\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Disabled:Battlefield 2"
"C:\\Documents and Settings\\Dalton\\Application Data\\U3\\0000183B67761385\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe"="C:\\Documents and Settings\\Dalton\\Application Data\\U3\\0000183B67761385\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\skype.exe:*:Enabled:Skype"
"F:\\World of Warcraft\\BackgroundDownloader.exe"="F:\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Disabled:Kazaa"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dalton\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADVREPAI-0A96DA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dalton
LOGONSERVER=\\ADVREPAI-0A96DA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dalton\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dalton\LOCALS~1\Temp
USERDOMAIN=ADVREPAI-0A96DA
USERNAME=Dalton
USERPROFILE=C:\Documents and Settings\Dalton
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Dalton (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{75407955-8BC7-4257-B785-ED3A4D0707B4}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Battlefield 2: Deluxe Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
BlackBerry Desktop Software 4.2 --> MsiExec.exe /I{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
BlackBerry Desktop Software 4.2 --> MsiExec.exe /i{37E1EB56-C59B-4C5C-B0B3-B5076046EF8A}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Decoder Pak for Windows XP --> MsiExec.exe /X{92C5DB3D-9D6F-4324-BB11-57825F4C2635}
FaxTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
G-Force --> C:\Program Files\SoundSpectrum\G-Force\Uninstall.exe
HijackThis 2.0.2 --> "C:\Documents and Settings\Dalton\Desktop\virus stuff\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
HP Software Update --> MsiExec.exe /X{B81023A5-71ED-46EB-BE3B-9F974D1155F1}
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Lexmark X5100 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Dalton\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Philips Device Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}\setup.exe" -l0x9 -removeonly
Philips Device Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57F06897-6735-4B97-9DF3-DE8BC27879D4}\setup.exe" -l0x9 -removeonly
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\SETUP.EXE" -l0x9 -removeonly
RollerCoaster Tycoon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}\Setup.exe" -l0x9
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
The Sims Superstar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A7F8DF6-5A3E-4CDF-BC82-BE26B407E21B}\setup.exe" -l0009
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WildBlue Optimizer Ver 2007-02-08 --> "C:\Program Files\WildBlue\unins000.exe"
Winamp (remove only) --> "D:\New Folder\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (7)\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type141 / Error
Event Submitted/Written: 04/02/2008 06:44:39 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application SpywareTerminator.exe, version 2.1.1.314, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type140 / Error
Event Submitted/Written: 04/02/2008 06:30:15 PM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 462403724.

Event Record #/Type139 / Error
Event Submitted/Written: 04/02/2008 06:30:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hijackthis.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type138 / Error
Event Submitted/Written: 04/02/2008 06:26:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hijackthis.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type137 / Error
Event Submitted/Written: 04/02/2008 06:26:19 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application hijackthis.exe, version 2.0.0.2, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type9694 / Error
Event Submitted/Written: 04/02/2008 06:16:10 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type9693 / Error
Event Submitted/Written: 04/02/2008 06:16:05 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type9692 / Error
Event Submitted/Written: 04/02/2008 06:15:58 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type9691 / Error
Event Submitted/Written: 04/02/2008 06:15:51 PM
Event ID/Source: 7 / Cdrom
Event Description:
The device, \Device\CdRom0, has a bad block.

Event Record #/Type9671 / Error
Event Submitted/Written: 04/02/2008 08:14:10 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Print Spooler service depends on the LexBce Server service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2008-04-02 19:25:15 ------------
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Bigdlat hyjack this log please help

Post by ndmmxiaomayi » April 29th, 2008, 12:46 am

Hi,

Please backup your registry before proceeding to any of the steps.

Download ERUNT from Derfisch or Aumha and save it to your desktop.

Follow the steps from Creating a Backup Copy of the Windows XP Registry section of this site to back up your registry: http://billjr.spaces.live.com/blog/cns!28CBD6442F406227!292.entry

Step 1

Please disable Teatimer temporarily as it may interfere with the fixes.

  1. Right click the Spybot Icon in the system tray near the clock (looks like a blue/white calendar with a padlock symbol) and click on Exit Spybot-S&D Resident.
  2. Go to Start > All Programs > Spybot - Search & Destroy > Spybot Search & Destroy.
  3. Click on Mode > Advanced Mode. When it prompts you, click Yes.
  4. On the left hand side, click on Tools.
  5. Check (tick) this box if it is not yet ticked: Resident.
  6. You will notice that Resident is now added under Tools. Click on Resident.
  7. Uncheck (untick) this box: Resident "TeaTimer" (Protection of over-all system settings) active.
  8. Exit Spybot Search & Destroy.
  9. Restart your computer for the changes to take effect.

Step 2

Please open Notepad and copy and paste the following in the Code box into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\utorrent.exe"=-
"C:\\Program Files\\utorrent\\utorrent.exe"=-
"C:\\Documents and Settings\\Dalton\\Desktop\\utorrent.exe"=-
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=-
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
"C:\\StubInstaller.exe"=-
"C:\\Program Files\\Kazaa\\kazaa.exe"=-


Click on File > Save As....

In the File Name box, copy and paste in fix.reg

In the Save As Type box, select All Files from the drop-down list.

Click Save.

Double click on fix.reg to run it. Windows will prompt if you want to merge this file with the registry. Click Yes.

Step 3

Please download OTMoveIt2.exe by OldTimer and save it to your desktop.

Double click on OTMoveIt2.exe to run it.

Copy and paste the following in the Code box into OTMoveIt (1).

Note: Do not type it out, to minimize the risk of typing errors.

C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system32\tmp.reg


Click on MoveIt! (2).

When done, click on Exit (3).

Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Please choose Yes.

Please refer to this picture for using OTMoveIt.


The log will be produced at C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers. Please post this log in your next reply.

Step 4

Please double click on dss.exe to run it again. When done, Notepad will open. Please post the contents of this Notepad file in your next reply.

In your next reply, please post:

  1. OTMoveIt2 log (C:\_OTMoveIt\MovedFiles\date_time.log, where date_time are numbers)
  2. DSS log
ndmmxiaomayi
MRU Emeritus
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am
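
The fix.reg in Step 2 of the reply above uses Registry Editor 5.00 syntax in which a line of the form "name"=- deletes that single value (and a key written as [-HKEY...] deletes the whole key), so merging it removes those P2P clients from the Windows Firewall exception list rather than adding anything. The Python script below is an added example, not code from this thread or from any tool mentioned in it: it parses a .reg file of that form and simulates what the deletions do to a constructed copy of the AuthorizedApplications\List values. FIX_REG is a shortened copy of the Step 2 file, CURRENT_LIST is a made-up sample of what the list might hold, and the parser only reads text; it never touches a real registry.

```python
"""Parse a Registry Editor 5.00 (.reg) file and show what merging it would do.

Added example for this thread; it is not part of the original post or of any
tool the helper mentions. It reads only the text of the .reg file and never
touches a real registry, so it runs on any OS.
"""
import re

# The firewall exception list targeted by the Step 2 fix (Windows XP SP2).
FIREWALL_LIST = (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess"
                 r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Constructed sample: a shortened copy of the fix.reg from Step 2.
FIX_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\\utorrent.exe"=-
"C:\\Program Files\\utorrent\\utorrent.exe"=-
"C:\\Program Files\\LimeWire\\LimeWire.exe"=-
'''

# Constructed sample of what the List key might currently hold. XP stores each
# exception as  path = path:scope:Enabled:display name.
CURRENT_LIST = {
    r"%windir%\system32\sessmgr.exe":
        r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\utorrent\utorrent.exe":
        r"C:\Program Files\utorrent\utorrent.exe:*:Enabled:uTorrent",
    r"C:\Program Files\LimeWire\LimeWire.exe":
        r"C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire",
}

HEADER = "Windows Registry Editor Version 5.00"
# A value line is  "name"=data  or  @=data  (default value); inside the quotes
# a backslash escapes a backslash or a double quote.
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)\s*=\s*(.*)$')


def unescape(s):
    """Undo the escaping of backslashes and double quotes in a quoted .reg string."""
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text):
    """Return a list of (key, value_name, action, data) tuples.

    action is 'delete_key' for [-HKEY...], 'delete_value' for "name"=-,
    and 'set' otherwise (data is left as the raw right-hand side).
    value_name is None for the default value (@) and for delete_key.
    """
    # Strip a UTF-16 BOM that survived decoding, then check the header line.
    lines = text.lstrip("\ufeff \t\r\n").splitlines()
    if not lines or lines[0].strip() != HEADER:
        raise ValueError("not a Registry Editor 5.00 file")
    entries, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            body = line[1:-1]
            if body.startswith("-"):
                entries.append((body[1:], None, "delete_key", None))
                key = None          # values cannot follow a key deletion
            else:
                key = body
            continue
        m = VALUE_RE.match(line)
        if m is None or key is None:
            raise ValueError(f"unparsable line: {raw!r}")
        name = None if m.group(1) is None else unescape(m.group(1))
        data = m.group(2).strip()
        if data == "-":
            entries.append((key, name, "delete_value", None))
        else:
            entries.append((key, name, "set", data))
    return entries


def apply_to_list(current, entries, key):
    """Simulate the merge for one key: return `current` (value name -> data)
    with every value the .reg deletes removed. Registry names are
    case-insensitive, so the comparison is done on lower-cased strings."""
    remaining = dict(current)
    for k, name, action, _ in entries:
        if action != "delete_value" or k.lower() != key.lower():
            continue
        for existing in list(remaining):
            if existing.lower() == name.lower():
                del remaining[existing]
    return remaining


if __name__ == "__main__":
    entries = parse_reg(FIX_REG)
    for key, name, action, data in entries:
        print(f"{action:13s} {name!r}")
    print("left in firewall list:",
          sorted(apply_to_list(CURRENT_LIST, entries, FIREWALL_LIST)))
```

Files exported by regedit itself are UTF-16LE with a byte-order mark, so read a real one with an encoding of "utf-16" before handing the text to parse_reg; the entry for F:\utorrent.exe is simply a no-op when the value is absent, which is why a fix can safely list more paths than any one machine actually has.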

Re: Bigdlat hyjack this log please help

Post by bigdalt » April 29th, 2008, 10:55 pm

LoadLibrary failed for C:\WINDOWS\system\SysSD.dll
C:\WINDOWS\system\SysSD.dll NOT unregistered.
C:\WINDOWS\system\SysSD.dll moved successfully.
C:\WINDOWS\system32\tmp.reg moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04292008_215034


Deckard's System Scanner v20071014.68
Run by Dalton on 2008-04-29 21:52:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Dalton.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:52:18 PM, on 4/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dalton\Desktop\dss.exe
C:\DOCUME~1\Dalton\Desktop\VIRUSS~1\Dalton.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan ... stubie.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4194 bytes

-- Files created between 2008-03-29 and 2008-04-29 -----------------------------

2008-04-19 21:14:10 0 d-------- C:\Program Files\MySpace
2008-04-19 20:00:14 0 d-------- C:\Program Files\Common Files\EasyInfo
2008-04-14 19:41:16 0 d-------- C:\WINDOWS\system32\ActiveScan
2008-04-13 17:07:34 0 d-------- C:\Documents and Settings\Dalton\.housecall6.6
2008-04-13 17:06:39 0 d-------- C:\WINDOWS\Sun
2008-04-13 15:48:24 0 d--hs---- C:\WINDOWS\CSC
2008-04-07 10:02:25 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-07 09:24:58 35738 --a------ C:\WINDOWS\hosts
2008-04-02 20:31:01 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-02 20:31:01 2551 --a------ C:\WINDOWS\unins000.dat
2008-04-02 18:57:34 0 d-------- C:\Program Files\SpywareBlaster
2008-04-02 18:55:41 0 d-------- C:\Program Files\Panda Security
2008-04-01 23:31:19 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-01 16:41:44 0 d-------- C:\Documents and Settings\Dalton\Incomplete
2008-03-29 10:36:19 0 d-------- C:\Documents and Settings\Dalton\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2008-04-26 19:30:59 0 d-------- C:\Documents and Settings\Dalton\Application Data\U3
2008-04-26 16:54:15 0 d-------- C:\Program Files\LimeWire
2008-04-19 20:00:14 0 d-------- C:\Program Files\Common Files
2008-04-15 21:26:56 0 d-------- C:\Program Files\Hewlett-Packard
2008-04-13 16:06:35 0 d-------- C:\Program Files\Java
2008-04-13 15:33:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-25 22:02:24 0 d-------- C:\Documents and Settings\Dalton\Application Data\Ventrilo
2008-03-25 22:00:49 0 d-------- C:\Program Files\Ventrilo
2008-03-25 19:35:49 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-03-03 20:09:52 0 d-------- C:\Documents and Settings\Dalton\Application Data\Adobe
2008-03-03 20:09:37 1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/08/2007 04:24 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [12/11/2007 11:56 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [02/01/2008 03:32 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

C:\Documents and Settings\Dalton\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [10/20/2005 12:04:08 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dalton^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Dalton\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
"C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
"C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\Program Files\Norton Internet Security\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
"C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsLime]
"C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02a89c12-da34-11dc-84b2-0016e6826927}]
AutoRun\command- G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{853d7d25-befa-11db-82ed-0016e6826927}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-04-29 21:52:30 ------------

Re: Bigdlat hyjack this log please help

Post by ndmmxiaomayi » April 29th, 2008, 11:56 pm

Hi,

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit/Malware tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. Gmer scan report
  2. A new HijackThis log

Re: Bigdlat hyjack this log please help

Post by bigdalt » April 30th, 2008, 7:16 pm

When I ran GMER it did the scan, but when I was trying to save the information from the scan this blue screen popped up and said Windows had to shut down, and then I tried to do the scan again and the same screen popped up.

Re: Bigdlat hyjack this log please help

Post by ndmmxiaomayi » May 1st, 2008, 12:16 am

We will try another one.

  1. Please download F-Secure Blacklight and save it to C drive.
  2. Click on Start > Run and copy and paste in the following: C:\fsbl.exe /expert. Click OK.
  3. You will be shown a license agreement. Read through it and select I accept the agreement. Click Next.
  4. Click on Scan.
  5. Once the scan is done, close F-Secure Blacklight. Don't rename anything found!
  6. A log will be produced on your C drive. It's named fsbl-XXXXXXXXXXXXXX.log, where the XXXXXXXXXXXXXX are numbers. Please post this log in your next reply.

Re: Bigdlat hyjack this log please help

Post by bigdalt » May 1st, 2008, 7:11 pm

05/01/08 17:50:18 [Info]: BlackLight Engine 1.0.70 initialized
05/01/08 17:50:18 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/01/08 17:50:18 [Note]: 7019 4
05/01/08 17:50:18 [Note]: 7005 0
05/01/08 17:50:20 [Note]: 7006 0
05/01/08 17:50:20 [Note]: 7011 1552
05/01/08 17:50:20 [Note]: 7035 0
05/01/08 17:50:20 [Note]: 7026 0
05/01/08 17:50:20 [Note]: 7026 0
05/01/08 17:50:21 [Note]: FSRAW library version 1.7.1024
05/01/08 17:55:48 [Note]: 2000 1012
05/01/08 17:55:48 [Note]: 2000 1012
05/01/08 17:55:48 [Note]: 2000 1012
05/01/08 18:10:18 [Note]: 7007 0

Re: Bigdlat hyjack this log please help

Post by ndmmxiaomayi » May 2nd, 2008, 1:13 am

Hi,

  1. Please download OTScanIt.exe from Bleeping Computer by OldTimer and save it to your desktop.
  2. Double click on OTScanIt.exe to run it.
  3. Click on Extract. Once done, you will be prompted. Click OK and click Close.
  4. Double click on the OTScanIt folder. Double click on OTScanIt.exe to run it.
  5. Under Basic Scans section, use these settings:
    • Select Yes for Rootkit Search.
    • Select 90 days for Files Created Within.
    • Select 90 days for Files Modified Within.
  6. Under Additional Scans, tick this box: Evnt - EventViewer Errors/Warnings (last 7 days)
  7. Click on the Run Scan button at the top left hand corner.
  8. OTScanIt will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

Re: Bigdlat hyjack this log please help

Post by bigdalt » May 4th, 2008, 6:38 pm

OTScanIt logfile created on: 5/4/2008 5:37:28 PM
OTScanIt by OldTimer - Version 1.0.12.0     Folder = C:\Documents and Settings\Dalton\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1023.48 Mb Total Physical Memory | 655.70 Mb Available Physical Memory | 64.07% Memory free
2.40 Gb Paging File | 2.12 Gb Available in Paging File | 88.25% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 18.09 Gb Free Space | 48.54% Space Free | Partition Type: NTFS
Drive D: | 37.24 Gb Total Space | 37.19 Gb Free Space | 99.86% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 37.31 Gb Total Space | 28.40 Gb Free Space | 76.12% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADVREPAI-0A96DA
Current User Name: Dalton
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr =    ]
guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/30/2007 6:56:52 AM | Attr =    ]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/23/2007 10:33:25 AM | Attr =    ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr =    ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.12.0 | Size = 371712 bytes | Modified Date = 5/3/2008 5:27:34 PM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 10/31/2007 3:09:16 PM | Attr =    ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 393216 bytes | Modified Date = 12/11/2005 10:33:44 PM | Attr =    ]
(ATI Smart) ATI Smart [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2sgag.exe ->  [Ver = 5.13.0024 | Size = 520192 bytes | Modified Date = 12/12/2005 12:05:00 AM | Attr =    ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr =    ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/30/2007 6:56:52 AM | Attr =    ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 4/23/2007 10:33:25 AM | Attr =    ]
(CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
(IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr =    ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.5.0.20 | Size = 504104 bytes | Modified Date = 12/11/2007 1:10:16 PM | Attr =    ]
(LexBceS) LexBce Server [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 2/28/2003 1:28:34 AM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr =    ]
KernelFaultCheck ->  [%systemroot%\system32\dumprep 0 -k] -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 12/11/2007 11:56:54 AM | Attr =    ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] ->  [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 3:32:54 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Dalton Startup Folder > -> C:\Documents and Settings\Dalton\Start Menu\Programs\Startup -> 
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE ->  [Ver =  | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr =    ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr =    ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 47104 bytes | Modified Date = 12/11/2005 10:34:56 PM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoCloseDragDropBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoMovingBands -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW__DVR-111D________________1.23____\46_044473250393439385737204c202020202020 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [] -> F:\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 11/3/2006 2:06:51 PM | Attr =    ]
< HOSTS File > (228410 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
HKEY_LOCAL_MACHINE\: ProxyEnable -> 0 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4285 domain(s) found. -> 
31 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6386 domain(s) found. -> 
38 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =    ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =    ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{20C77CE4-B6A1-47D9-8A8A-C2FFFE1F96D2} ->    (Broadcom 4211 iLine10(tm) Network Adapter) -> 
{2F6A2487-F7A9-4BB3-B22C-B793F95B6E98} ->    (1394 Net Adapter) -> 
{6A70755D-5DC5-4457-A786-9E382360A6A1} ->    (NVIDIA nForce Networking Controller) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> 
text/html:[HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> 
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> 
{32305793-C19A-48E7-AD2F-D87FF7B264A4}[HKEY_LOCAL_MACHINE] -> http://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx[TenebrilSpywareScanner Control] -> 
{48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> 
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> 
{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] -> 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpywareScannerV2.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpywareScannerV2.ocx\\.Owner -> {32305793-C19A-48E7-AD2F-D87FF7B264A4} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpywareScannerV2.ocx\\{32305793-C19A-48E7-AD2F-D87FF7B264A4} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< EventViewer Logs > -> Errors and Warnings -> Description
Application - Error - 4/28/2008 7:47:04 AM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = ESENT -> Description = wuauclt (700) (null)The database page read from the file CWINDOWSSoftwareDistributionDataStoreDataStoreedb at offset 4890624 (0x00000000004aa000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch  The expected checksum was 3865226262 (0xe662ac16) and the actual checksum was 3865226422 (0xe662acb6)  The read operation will fail with error -1018 (0xfffffc06)  If this condition persists then please restore the database from a previous backup
Application - Error - 4/29/2008 6:55:43 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = ESENT -> Description = wuauclt (2956) (null)The database page read from the file CWINDOWSSoftwareDistributionDataStoreDataStoreedb at offset 22986752 (0x00000000015ec000) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch  The expected checksum was 1178418018 (0x463d3b62) and the actual checksum was 1178418023 (0x463d3b67)  The read operation will fail with error -1018 (0xfffffc06)  If this condition persists then please restore the database from a previous backup
Application - Error - 4/30/2008 5:17:15 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 4/30/2008 5:28:43 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 4/30/2008 5:29:30 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 4/30/2008 5:30:23 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 4/30/2008 5:31:12 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 4/30/2008 5:34:42 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 5/1/2008 5:12:32 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 5/1/2008 5:13:01 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 5/1/2008 5:33:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 5/4/2008 4:30:22 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
Application - Error - 5/4/2008 4:36:45 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Application Error -> Description = 
System - Warning - 4/27/2008 7:45:35 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = WPDMTPDriver -> Description = MTP Protocol Driver has detected that to maintain device responsiveness the driver Philips Philips PTP device PP5022AF-0540-PP07-0540-MG02-0001-DT 21 does not allow album art to be transferred ((10))
System - Warning - 4/28/2008 6:29:39 AM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = W32Time -> Description = The time service has not been able to synchronize the system timefor 49152 seconds because none of the time providers has been able toprovide a usable time stamp The system clock is unsynchronized
System - Warning - 4/28/2008 10:52:21 AM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Tcpip -> Description = 
System - Warning - 4/28/2008 4:55:47 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Tcpip -> Description = 
System - Warning - 4/29/2008 7:24:32 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = WPDMTPDriver -> Description = MTP Protocol Driver has detected that to maintain device responsiveness the driver Philips Philips PTP device PP5022AF-0540-PP07-0540-MG02-0001-DT 21 does not allow album art to be transferred ((10))
System - Warning - 4/29/2008 8:17:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Tcpip -> Description = 
System - Warning - 4/29/2008 8:46:28 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = WPDMTPDriver -> Description = MTP Protocol Driver has detected that to maintain device responsiveness the driver Philips Philips PTP device PP5022AF-0540-PP07-0540-MG02-0001-DT 21 does not allow album art to be transferred ((10))
System - Error - 4/29/2008 8:46:32 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/29/2008 8:46:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:51 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:51 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 4:43:52 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Error - 4/30/2008 4:44:21 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device DeviceHarddisk1D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:07:10 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Error - 4/30/2008 5:07:39 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Error - 4/30/2008 5:13:09 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:51 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:51 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:12:51 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:26:40 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:26:40 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:26:40 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:26:40 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:26:40 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 4/30/2008 5:26:40 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Error - 4/30/2008 5:26:57 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Error - 5/1/2008 3:57:46 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 3:57:34 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Error - 5/1/2008 3:57:57 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = System Error -> Description = Error code 00000050, parameter1 ffffff58, parameter2 00000000, parameter3 8054a51a, parameter4 00000000
System - Error - 5/1/2008 3:58:01 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = System Error -> Description = Error code 00000050, parameter1 ffffff58, parameter2 00000000, parameter3 8054a51a, parameter4 00000000
System - Error - 5/1/2008 3:58:03 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = System Error -> Description = Error code 00000050, parameter1 ffffff58, parameter2 00000000, parameter3 8054a51a, parameter4 00000000
System - Error - 5/1/2008 5:22:14 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/1/2008 5:21:56 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Error - 5/1/2008 5:32:09 PM -> Computer Name = ADVREPAI-0A96DA - User Name = ADVREPAI-0A96DA\Dalton - Source = DCOM -> Description = 
System - Error - 5/1/2008 5:32:18 PM -> Computer Name = ADVREPAI-0A96DA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Error - 5/1/2008 5:33:25 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error 31
System - Error - 5/1/2008 5:33:25 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The DNS Client service depends on the TCPIP Protocol Driver service which failed to start because of the following error 31
System - Error - 5/1/2008 5:33:25 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The TCPIP NetBIOS Helper service depends on the AFD service which failed to start because of the following error 31
System - Error - 5/1/2008 5:33:25 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Error - 5/1/2008 5:33:25 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error 31
System - Error - 5/1/2008 5:33:25 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The following boot-start or system-start driver(s) failed to load: AFD, AmdK8, AVG Anti-Spyware Driver, Avg7Core, Avg7RsW, Avg7RsXP, FileDisk, Fips, IPSec, MRxSmb, NetBIOS, NetBT, RasAcd, Rdbss, Tcpip
System - Error - 5/1/2008 5:34:45 PM -> Computer Name = ADVREPAI-0A96DA - User Name = NT AUTHORITY\SYSTEM - Source = DCOM -> Description = 
System - Warning - 5/2/2008 6:13:37 AM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Error - 5/2/2008 6:13:58 AM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 5/2/2008 3:29:36 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Dhcp -> Description = Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0016E6826927. The following error occurred: 1223. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server
System - Error - 5/2/2008 3:29:46 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = PlugPlayManager -> Description = The device SAMSUNG SV4002H (IDEDiskSAMSUNGSV4002HQP100-0734303331314a5446343130343438000000) disappeared from the system without first being prepared for removal
System - Warning - 5/2/2008 3:30:01 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Ftdisk -> Description = 
System - Warning - 5/2/2008 5:40:22 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Tcpip -> Description = 
System - Error - 5/4/2008 3:51:05 PM -> Computer Name = ADVREPAI-0A96DA - User Name = ADVREPAI-0A96DA\Dalton - Source = DCOM -> Description = 
System - Error - 5/4/2008 4:27:22 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Service Control Manager -> Description = The Print Spooler service depends on the LexBce Server service which failed to start because of the following error 1058
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation
System - Warning - 5/4/2008 4:26:50 PM -> Computer Name = ADVREPAI-0A96DA - User Name = (blank) - Source = Disk -> Description = An error was detected on device \Device\Harddisk1\D during a paging operation


[Files/Folders - Created Within 90 days]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 4/2/2008 7:21:53 PM | Attr =    ]
found.000 -> %SystemDrive%\found.000 ->  [Folder | Created Date = 2/27/2008 2:47:20 PM | Attr =  HS]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 4/29/2008 9:50:34 PM | Attr =    ]
AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2/27/2008 4:52:25 PM | Attr =    ]
filedisk.sys -> %SystemRoot%\System32\drivers\filedisk.sys -> Bo Brantén [Ver = 1.0.0.13 | Size = 12928 bytes | Created Date = 2/14/2008 10:29:27 PM | Attr =    ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4381 | Size = 86097 bytes | Created Date = 4/30/2008 5:48:53 PM | Attr =    ]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Created Date = 4/14/2008 7:41:16 PM | Attr =    ]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
asuninst.exe -> %SystemRoot%\System32\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 4/14/2008 7:42:08 PM | Attr =    ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Created Date = 4/1/2008 11:31:19 PM | Attr =    ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Created Date = 4/7/2008 10:02:25 AM | Attr =    ]
FrogASPI.DLL -> %SystemRoot%\System32\FrogASPI.DLL -> Frog ASPI / Millenod [Ver = 0.29.4.10 | Size = 32768 bytes | Created Date = 2/14/2008 10:36:11 PM | Attr =    ]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Created Date = 4/14/2008 7:41:26 PM | Attr =    ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/13/2008 4:06:35 PM | Attr =    ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 4/13/2008 4:06:35 PM | Attr =    ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 4/13/2008 4:06:35 PM | Attr =    ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 4/13/2008 4:06:35 PM | Attr =    ]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Created Date = 4/14/2008 7:41:23 PM | Attr =    ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Created Date = 4/14/2008 7:41:30 PM | Attr =    ]
WNASPINT.DLL -> %SystemRoot%\System32\WNASPINT.DLL -> NexiTech, Inc. [Ver = v1.31c | Size = 86016 bytes | Created Date = 2/14/2008 10:36:09 PM | Attr =    ]
ZPORT4AS.dll -> %SystemRoot%\System32\ZPORT4AS.dll ->  [Ver =  | Size = 11776 bytes | Created Date = 4/14/2008 7:42:08 PM | Attr =    ]
CSC -> %SystemRoot%\CSC ->  [Folder | Created Date = 4/13/2008 3:48:24 PM | Attr =  HS]
9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 4/2/2008 7:22:06 PM | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14205 | Size = 819200 bytes | Created Date = 4/30/2008 5:48:53 PM | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14205 | Size = 761856 bytes | Created Date = 4/30/2008 5:48:53 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Created Date = 4/30/2008 5:48:54 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Created Date = 4/30/2008 5:48:53 PM | Attr =    ]
hosts -> %SystemRoot%\hosts ->  [Ver =  | Size = 35738 bytes | Created Date = 4/7/2008 9:24:58 AM | Attr =    ]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1158 bytes | Created Date = 3/3/2008 8:09:37 PM | Attr =    ]
Sun -> %SystemRoot%\Sun ->  [Folder | Created Date = 4/13/2008 5:06:39 PM | Attr =    ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2551 bytes | Created Date = 4/2/2008 8:31:01 PM | Attr =    ]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 4/2/2008 8:31:01 PM | Attr =    ]

[Files/Folders - Modified Within 90 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 223 bytes | Modified Date = 2/27/2008 3:27:17 PM | Attr = RHS]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 4/2/2008 7:21:53 PM | Attr =    ]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 4/19/2008 11:28:40 PM | Attr =    ]
found.000 -> %SystemDrive%\found.000 ->  [Folder | Modified Date = 2/27/2008 2:47:20 PM | Attr =  HS]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 4/29/2008 9:40:05 PM | Attr =    ]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 5/4/2008 5:29:51 PM | Attr =    ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 4/29/2008 9:50:34 PM | Attr =    ]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/27/2008 3:39:13 PM | Attr =    ]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/27/2008 3:39:13 PM | Attr =    ]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 4/13/2008 6:03:52 PM | Attr =    ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 228410 bytes | Modified Date = 4/13/2008 6:03:52 PM | Attr =    ]
hosts.20080402-212022.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080402-212022.backup ->  [Ver =  | Size = 738 bytes | Modified Date = 4/1/2008 11:20:01 PM | Attr =    ]
hosts.20080413-153959.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080413-153959.backup ->  [Ver =  | Size = 231168 bytes | Modified Date = 4/2/2008 9:20:22 PM | Attr = R  ]
hosts.backup -> %SystemRoot%\System32\drivers\etc\hosts.backup ->  [Ver =  | Size = 231168 bytes | Modified Date = 4/2/2008 9:20:22 PM | Attr = R  ]
hosts.bak -> %SystemRoot%\System32\drivers\etc\hosts.bak ->  [Ver =  | Size = 231100 bytes | Modified Date = 4/13/2008 4:57:26 PM | Attr =    ]
gmer.sys -> %SystemRoot%\System32\drivers\gmer.sys -> GMER [Ver = 1, 0, 14, 4381 | Size = 86097 bytes | Modified Date = 4/30/2008 5:48:53 PM | Attr =    ]
ActiveScan -> %SystemRoot%\System32\ActiveScan ->  [Folder | Modified Date = 4/14/2008 7:42:39 PM | Attr =    ]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 5/4/2008 5:06:28 PM | Attr =    ]
d3d8caps.dat -> %SystemRoot%\System32\d3d8caps.dat ->  [Ver =  | Size = 552 bytes | Modified Date = 4/1/2008 11:31:19 PM | Attr =    ]
d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat ->  [Ver =  | Size = 664 bytes | Modified Date = 4/13/2008 4:55:22 PM | Attr =    ]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 4/14/2008 6:01:25 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 4/30/2008 5:48:53 PM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 110192 bytes | Modified Date = 4/14/2008 6:07:45 PM | Attr =    ]
Help.ico -> %SystemRoot%\System32\Help.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 4/14/2008 7:41:30 PM | Attr =    ]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr =    ]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr =    ]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr =    ]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr =    ]
pavas.ico -> %SystemRoot%\System32\pavas.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 4/14/2008 7:41:26 PM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 52968 bytes | Modified Date = 4/1/2008 8:46:13 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 380680 bytes | Modified Date = 4/1/2008 8:46:13 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 439552 bytes | Modified Date = 4/1/2008 8:46:13 PM | Attr =    ]
Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 4/14/2008 7:41:31 PM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 5/4/2008 5:27:26 PM | Attr =    ]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 5/4/2008 5:27:10 PM | Attr =   S]
CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 4/14/2008 8:26:40 PM | Attr =  HS]
9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 4/17/2008 2:34:50 PM | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 4/29/2008 9:46:26 PM | Attr =    ]
gmer.dll -> %SystemRoot%\gmer.dll ->  [Ver = 1, 0, 14, 14205 | Size = 819200 bytes | Modified Date = 4/30/2008 5:48:53 PM | Attr =    ]
gmer.exe -> %SystemRoot%\gmer.exe ->  [Ver = 1, 0, 14, 14205 | Size = 761856 bytes | Modified Date = 4/30/2008 5:48:28 PM | Attr =    ]
@Alternate Data Stream - 26 bytes -> %SystemRoot%\gmer.exe:Zone.Identifier
gmer.ini -> %SystemRoot%\gmer.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 5/1/2008 6:33:06 PM | Attr =    ]
gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd ->  [Ver =  | Size = 80 bytes | Modified Date = 4/30/2008 5:48:53 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 4/14/2008 6:01:26 PM | Attr =    ]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 4/20/2008 12:19:56 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 4/15/2008 9:27:01 PM | Attr =  HS]
MEMORY.DMP -> %SystemRoot%\MEMORY.DMP ->  [Ver =  | Size = 1073303552 bytes | Modified Date = 5/1/2008 6:31:41 PM | Attr =    ]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 5/1/2008 4:57:43 PM | Attr =    ]
mozver.dat -> %SystemRoot%\mozver.dat ->  [Ver =  | Size = 1158 bytes | Modified Date = 3/3/2008 8:09:37 PM | Attr =    ]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 4/13/2008 5:06:39 PM | Attr =    ]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 4/29/2008 9:50:37 PM | Attr =    ]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2/27/2008 3:27:17 PM | Attr =    ]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 4/29/2008 9:50:37 PM | Attr =    ]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/27/2008 3:00:59 PM | Attr =   S]
temp -> %SystemRoot%\temp ->  [Folder | Modified Date = 5/4/2008 5:27:25 PM | Attr =    ]
unins000.dat -> %SystemRoot%\unins000.dat ->  [Ver =  | Size = 2551 bytes | Modified Date = 4/2/2008 8:31:01 PM | Attr =    ]
unins000.exe -> %SystemRoot%\unins000.exe ->  [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 4/2/2008 8:26:48 PM | Attr =    ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 727 bytes | Modified Date = 3/17/2008 4:24:16 PM | Attr =    ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 3/26/2008 11:38:00 PM | Attr =    ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job ->  [Ver =  | Size = 256 bytes | Modified Date = 5/4/2008 5:35:00 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 5/4/2008 5:27:12 PM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 3/9/2007 11:49:45 PM | Attr =    ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 1308 bytes | Modified Date = 4/22/2008 7:03:15 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 4/8/2007 2:22:35 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5536 bytes | Modified Date = 4/22/2008 7:04:22 AM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 4/22/2008 7:04:22 AM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data ->  [Folder | Modified Date = 2/15/2007 12:32:32 AM | Attr =    ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 10/21/2007 1:03:49 PM | Attr =    ]
C:\Documents and Settings\Dalton\Local Settings\Temp\HPSUYMGO.44I\ -> C:\Documents and Settings\Dalton\Local Settings\Temp\HPSUYMGO.44I\ ->  [Folder | Modified Date = 4/15/2008 9:26:46 PM | Attr =    ]
HPUSelfUpdate.exe -> C:\Documents and Settings\Dalton\Local Settings\Temp\HPSUYMGO.44I\HPUSelfUpdate.exe -> Hewlett-Packard [Ver = 4.0.10.8 | Size = 2650544 bytes | Modified Date = 4/15/2008 9:26:46 PM | Attr =    ]
UpdateDatFix.exe -> C:\Documents and Settings\Dalton\Local Settings\Temp\HPSUYMGO.44I\UpdateDatFix.exe -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 249856 bytes | Modified Date = 4/15/2008 9:25:18 PM | Attr =    ]
C:\Documents and Settings\Dalton\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Dalton\Local Settings\Temp\ICD1.tmp\ ->  [Folder | Modified Date = 4/13/2008 3:57:23 PM | Attr =    ]
jinstall.exe -> C:\Documents and Settings\Dalton\Local Settings\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.19 | Size = 376832 bytes | Modified Date = 4/2/2008 3:18:28 PM | Attr =    ]
C:\Documents and Settings\Dalton\Local Settings\Temp\ICD2.tmp\ -> C:\Documents and Settings\Dalton\Local Settings\Temp\ICD2.tmp\ ->  [Folder | Modified Date = 4/13/2008 4:03:11 PM | Attr =    ]
jinstall.exe -> C:\Documents and Settings\Dalton\Local Settings\Temp\ICD2.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.19 | Size = 376832 bytes | Modified Date = 4/2/2008 3:18:28 PM | Attr =    ]
C:\Documents and Settings\Dalton\Local Settings\Temp\ -> C:\Documents and Settings\Dalton\Local Settings\Temp ->  [Folder | Modified Date = 5/4/2008 5:36:49 PM | Attr =    ]
pmggykyq-0A96DA.dll -> C:\Documents and Settings\Dalton\Local Settings\Temp\pmggykyq-0A96DA.dll ->  [Ver =  | Size = 53248 bytes | Modified Date = 5/4/2008 5:36:49 PM | Attr =    ]
swt-awt-win32-3346.dll -> C:\Documents and Settings\Dalton\Local Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 32768 bytes | Modified Date = 4/26/2008 4:55:43 PM | Attr =    ]
swt-win32-3346.dll -> C:\Documents and Settings\Dalton\Local Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 4/26/2008 4:55:43 PM | Attr =    ]
24 C:\Documents and Settings\Dalton\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dalton\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\Dalton\Local Settings\Temp\ -> C:\Documents and Settings\Dalton\Local Settings\Temp ->  [Folder | Modified Date = 5/4/2008 5:36:49 PM | Attr =    ]
Perflib_Perfdata_7a0.dat -> C:\Documents and Settings\Dalton\Local Settings\Temp\Perflib_Perfdata_7a0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/14/2008 8:24:42 PM | Attr =    ]
Perflib_Perfdata_7a8.dat -> C:\Documents and Settings\Dalton\Local Settings\Temp\Perflib_Perfdata_7a8.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/14/2008 9:00:32 PM | Attr =    ]
Perflib_Perfdata_c0.dat -> C:\Documents and Settings\Dalton\Local Settings\Temp\Perflib_Perfdata_c0.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/13/2008 4:59:43 PM | Attr =    ]
24 C:\Documents and Settings\Dalton\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dalton\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\temp ->  [Folder | Modified Date = 5/4/2008 5:27:25 PM | Attr =    ]
Perflib_Perfdata_934.dat -> C:\WINDOWS\temp\Perflib_Perfdata_934.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/13/2008 3:34:12 PM | Attr =    ]
Perflib_Perfdata_c40.dat -> C:\WINDOWS\temp\Perflib_Perfdata_c40.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/13/2008 3:16:06 PM | Attr =    ]
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\TEMP:27AAAD97 102 bytes
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 115 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes

< End of report >
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm

Re: Bigdlat hyjack this log please help

Unread postby ndmmxiaomayi » May 6th, 2008, 1:54 am

Hi,

Sorry for the delay. There are some problems with the results and I'm contacting the developer. When I have results, I will let you know again.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: Bigdlat hyjack this log please help

Unread postby bigdalt » May 6th, 2008, 7:47 pm

ok
bigdalt
Regular Member
 
Posts: 35
Joined: April 13th, 2008, 7:20 pm