Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

kxvo.exe PLEASE HELP [RESOLVED]


  • This topic is locked This topic is locked

#256
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Volume in drive C has no label.
Volume Serial Number is D89C-F6AE

Directory of C:\Windows\CSC\d8

07/08/2008 09:47 PM <DIR> .
07/08/2008 09:47 PM <DIR> ..
0 File(s) 0 bytes
2 Dir(s) 20,968,001,536 bytes free
  • 0

Advertisements


#257
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi I will need you to tell me what is inside of these folders:

C:\Windows\CSC\d1
C:\Windows\CSC\d2
C:\Windows\CSC\d3
C:\Windows\CSC\d4
C:\Windows\CSC\d5
C:\Windows\CSC\d6
C:\Windows\CSC\d7
C:\Windows\CSC\d8
====================
Also do you get redirects only with Firefox?

If so then please do the following:
Open Firefox and got to Tools>Extentions then check that nothing is there that should'nt be or something that looks like this:

xxx extension 1.0.0
xxx extension for Do


  • 0

#258
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Those folders have nothing in them even if showing hidden files is selected.
I cannot see any Extension selection under options of firefox and the error applies to internet explorer too.
  • 0

#259
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi amm007 I would like for you to do this please.
Update your AVG and then run a full scan with it please.
Let it remove what it finds you can use remove as a power user for certain items if asked.
Copy\paste the report in your next reply please.
=================================
Then ::

Please download RootRepeal to your desktop
  • Unzip it to it's own folder, close all other programs especially your security programs (anti-spyware, anti-virus, and firewall) and run RootRepeal.exe
  • Click the Report tab at the bottom and then the Scan button.
  • A box will pop up, check the boxes beside Drivers, Files, Processes and click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button, call it RepealScan and save the log to your desktop. Post that log here in your reply

  • 0

#260
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
No infections or spywares are found. Only warnings from cookies which I will remove are recorded in AVG. I'll continue on with the next instruction.
  • 0

#261
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
ok.
  • 0

#262
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2008/07/26 22:08
Program Version: Version 1.0.2.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xBA572000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A67000 Size: 8192 File Visible: No
Status: -

Name: RootRepeal.sys
Image Path: C:\WINDOWS\system32\drivers\RootRepeal.sys
Address: 0xB757D000 Size: 40960 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\autorun.inf\lpt3.This folder was created by Flash_Disinfector
Status: Locked to the Windows API!
  • 0

#263
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Please go to Start > Run> then copy\paste this in "%userprofile%\desktop\dss.exe" /config then hit ok.
Place a check next to everything and click on ok or scan.
Post those logs please.
  • 0

#264
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Deckard's System Scanner v20071014.68
Run by Adrian on 2008-07-28 20:47:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
50: 2008-07-28 12:48:03 UTC - RP64 - Deckard's System Scanner Restore Point
49: 2008-07-25 17:32:43 UTC - RP63 - System Checkpoint
48: 2008-07-23 13:20:37 UTC - RP62 - System Checkpoint
47: 2008-07-21 12:59:31 UTC - RP61 - System Checkpoint
46: 2008-07-20 12:48:50 UTC - RP60 - System Checkpoint


-- First Restore Point --
1: 2008-04-24 13:36:13 UTC - RP15 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Adrian.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:50:39 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AnalogX\NetStat Live\nsl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSPUB.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adrian\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adrian.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [EPSON Stylus C90 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.EXE /FU "C:\WINDOWS\TEMP\E_S5EE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dcfssvc (Dcfssvc) - Eastman Kodak Company - C:\WINDOWS\system32\DRIVERS\dcfssvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7101 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 DcCam (Kodak Camera Proxy) - c:\windows\system32\drivers\dccam.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera Driver>
R1 StarOpen - c:\windows\system32\drivers\staropen.sys
R2 DCFS2k - c:\windows\system32\drivers\dcfs2k.sys <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (NT)>
R3 DcLps (Legacy Polling Service) - c:\windows\system32\drivers\dclps.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera LPS Driver>

S1 Exportit - c:\windows\system32\drivers\exportit.sys <Not Verified; Eastman Kodak Company; Kodak DC File System driver>
S3 DcFpoint - c:\windows\system32\drivers\dcfpoint.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera FP Driver>
S3 DcPTP (%DcPTP.SvcDesc%) - c:\windows\system32\drivers\dcptp.sys <Not Verified; Eastman Kodak Company; Kodak Digital Camera PTP Driver>
S3 EPScanMemory - c:\program files\epox\eptp\scanmemory32.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Dcfssvc - c:\windows\system32\drivers\dcfssvc.exe <Not Verified; Eastman Kodak Company; Kodak DC File System Driver (Win32)>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINDOWS\system32\svchost.exe (pid 1232)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINDOWS\explorer.exe (pid 456)
2006-11-30 21:49:02 6144 --a------ C:\Program Files\Yahoo!\Messenger\idle.dll <Not Verified; Yahoo! Inc.; Yahoo! Messenger>
2005-09-03 12:58:22 1802240 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll <Not Verified; Nero AG; Nero Digital Tools>


-- Scheduled Tasks -------------------------------------------------------------

2008-03-11 09:31:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-20 21:12:51 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-20 21:12:51 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-20 21:12:51 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-20 21:12:51 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-20 21:12:51 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-20 21:12:51 253952 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-20 21:12:51 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-20 21:12:51 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-20 21:12:51 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-20 21:12:51 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-20 21:12:51 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-20 21:12:51 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-20 21:12:51 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-20 21:12:51 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-10 20:11:46 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 21:47:27 0 d--hs---- C:\WINDOWS\CSC


-- Find3M Report ---------------------------------------------------------------

2008-07-16 10:57:58 0 d-------- C:\Program Files\DNA
2008-07-14 23:43:38 0 d-------- C:\Documents and Settings\Adrian\Application Data\DNA
2008-07-02 21:35:51 1862 --a------ C:\WINDOWS\mozver.dat
2008-06-23 18:49:59 0 d-------- C:\Program Files\BitTorrent
2008-06-23 18:49:42 0 d-------- C:\Documents and Settings\Adrian\Application Data\BitTorrent
2008-06-09 20:07:56 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-09 20:07:51 0 d-------- C:\Program Files\Rockstar Games
2008-05-29 12:10:26 0 d-------- C:\Program Files\YInformer
2008-05-29 00:07:18 1080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-04-30 23:31:55 16 --a------ C:\WINDOWS\popcinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetStat Live"="C:\Program Files\AnalogX\NetStat Live\nsl.exe" [01/26/2008 11:55 AM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/05/2008 08:39 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 09:49 PM]
"EPSON Stylus C90 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZP.exe" [09/27/2006 12:00 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:56 AM]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adrian^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Adrian\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hwmdr]
"C:\Program Files\EPoX\EPTP\EPTP.EXE" "5000"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp\winampa.exe"




-- End of Deckard's System Scanner: finished at 2008-07-28 20:51:58 ------------
  • 0

#265
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 75%
Physical Memory (total/avail): 511.48 MiB / 125.21 MiB
Pagefile Memory (total/avail): 2979.95 MiB / 2566.92 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1902.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 21.41 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - ST340014A - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Adrian\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OFFICE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Adrian
LOGONSERVER=\\OFFICE
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=4f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Adrian\LOCALS~1\Temp
TMP=C:\DOCUME~1\Adrian\LOCALS~1\Temp
USERDOMAIN=OFFICE
USERNAME=Adrian
USERPROFILE=C:\Documents and Settings\Adrian
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Adrian (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
AnalogX NetStat Live --> C:\Program Files\AnalogX\NetStat Live\nslu.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Panorama Maker 2000\Uninst.isu"
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{D63C3DAC-5112-4544-A766-C02D4C3BF811}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{90437E5F-0A9E-4B63-AD8B-D232897D18BF}
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Buddy Spy 2.2.10 --> "C:\Program Files\Buddy Spy\unins000.exe"
Camera RAW Plug-In for EPSON Creativity Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST
Chikka Txt Messenger V4 --> C:\PROGRA~1\ChikkaV4\Uninstaller.exe
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
EPoX Magic BIOS --> "C:\Program Files\EPoX\Magic BIOS\SETUP.EXE" "-UNINSTALL"
EPoX Magic Screen --> "C:\Program Files\EPoX\Magic Screen\SETUP.EXE" "-UNINSTALL"
EPoX Thunder Probe (EPTP) --> "C:\Program Files\EPoX\EPTP\INSTALL.EXE" "-UNINSTALL"
EPSON Attach To Email --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Easy Photo Print --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D893565C-10EA-45AF-AFDA-0514B0DC0AE2}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Scan Assistant --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Stylus C90_91_D92 Manual --> C:\Program Files\EPSON\TPMANUAL\ESC90 91 D92\ENG\USE_G\DOCUNINS.EXE
EPSON Web-To-Page --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
GG E-Sports Platform --> C:\Program Files\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Grand Theft Auto Vice City --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\Setup.exe" -l0x9
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP PrecisionScan LTX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
HP Share-to-Web --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" -uninst
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KODAK DC4800 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{313F731E-E2D9-486F-8352-4C59EC57D139}\setup.exe"
KODAK Pictures Now Desktop Software --> C:\WINDOWS\unvise32.exe C:\Program Files\Kodak\KODAK Pictures Now Desktop Software\Uninstal.log
L&H TTS3000 British English --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSENG.inf, Uninstall
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathType 6 --> "C:\Program Files\MathType\Setup.exe" -R
Microsoft Encarta Premium Suite 2005 --> MsiExec.exe /I{055A00C0-64A6-4248-A026-9745C1E9E159}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo --> MsiExec.exe /I{84B2CF01-194D-2284-B313-F2E0D78D1033}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuide.exe UninstallGUI
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung Samples Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x9 -removeonly
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SUPER © Version 2007.bld.22 (Mar 14, 2007) --> C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Winamp Remote --> "C:\Program Files\Winamp Remote\uninstall.exe"
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
Xvid 1.1.3 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
YInformer 3.2 --> "C:\Program Files\YInformer\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type2571 / Error
Event Submitted/Written: 07/28/2008 08:43:45 PM / 07/28/2008 08:43:46 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.4669, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type2534 / Error
Event Submitted/Written: 07/24/2008 11:12:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application chikkalauncher.exe, version 1.0.0.12, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [chikkalauncher.exe!ws!]

Event Record #/Type2523 / Error
Event Submitted/Written: 07/22/2008 10:29:46 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application chikkalauncher.exe, version 1.0.0.12, faulting module mshtml.dll, version 7.0.6000.16674, fault address 0x00012ea4.
Processing media-specific event for [chikkalauncher.exe!ws!]

Event Record #/Type2449 / Error
Event Submitted/Written: 07/10/2008 11:20:49 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoomessenger.exe, version 8.1.0.209, faulting module yahoomessenger.exe, version 8.1.0.209, fault address 0x0022f49d.
Processing media-specific event for [yahoomessenger.exe!ws!]

Event Record #/Type2448 / Error
Event Submitted/Written: 07/10/2008 09:40:28 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application yahoomessenger.exe, version 8.1.0.209, faulting module unknown, version 0.0.0.0, fault address 0x016d88a2.
Processing media-specific event for [yahoomessenger.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type12643 / Error
Event Submitted/Written: 07/28/2008 07:41:15 PM / 07/28/2008 07:41:30 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type12601 / Error
Event Submitted/Written: 07/27/2008 07:32:39 PM / 07/27/2008 07:32:56 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type12576 / Error
Event Submitted/Written: 07/27/2008 06:13:57 PM / 07/27/2008 06:14:13 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type12567 / Warning
Event Submitted/Written: 07/27/2008 00:04:08 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type12549 / Error
Event Submitted/Written: 07/26/2008 11:43:45 PM / 07/26/2008 11:44:03 PM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2008-07-28 20:51:58 ------------
  • 0

Advertisements


#266
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please go to Start > Run> then copy\paste this in "%userprofile%\desktop\dss.exe" /daft then hit ok.
Place a check next to everything and click on fix.
Rescan again and it should say all associations ok.
===================================
Also I would uninstall BitTorrent as using programs such as these can raise your chances of getting infected again.
After you uninstall it please then delete this folder> C:\Program Files\BitTorrent
======================================
Please go to Start>Run type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as find.bat on your Desktop.
@Echo off

dir "C:\Program Files\Mozilla FireFox\extensions" >>find.txt
start find.txt
exit
DOuble click on find.bat and it will open a notepad document please post that back here in your next reply.
  • 0

#267
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Volume in drive C has no label.
Volume Serial Number is D89C-F6AE

Directory of C:\Program Files\Mozilla FireFox\extensions

07/26/2008 11:54 PM <DIR> .
07/26/2008 11:54 PM <DIR> ..
07/17/2008 11:32 AM <DIR> [email protected]
07/04/2008 01:28 AM <DIR> [email protected]
07/17/2008 11:32 AM <DIR> {972ce4c6-7e08-4474-a285-3208198ce6fd}
01/29/2008 09:13 PM <DIR> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
03/10/2008 11:26 PM <DIR> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
0 File(s) 0 bytes
7 Dir(s) 22,988,972,032 bytes free
  • 0

#268
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
I am receiving threat detections from AVG since the past days.. I move them to vault and delete them afterwards...
  • 0

#269
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi can you please post the AVG log.
  • 0

#270
amm007

amm007

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 265 posts
Hi kahdah. I emptied the vault just recently and could not locate the log anymore because it's just a spontaneous detection without running any scan. By the way, I found out that its virus name is the same as the ones previously located by AVG from btdna. The trojan thing. It just relocated itself.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP