
[Closed] Jambanmu.com And Flash.10.exe


  • This topic is locked
7 replies to this topic

#1 bud3ng

  • New Member
  • 4 posts

Posted 21 September 2007 - 07:13 AM

When Windows starts, 2 errors appear: "Windows cannot find C:\WINDOWS\system32\JambanMu.com. Make sure you typed the name correctly, and then try again." The other error is "Windows cannot find Flash.10.exe".

I found that the Folder Options menu has disappeared. I also cannot access regedit; it says regedit has been disabled by the administrator.
So far my antivirus also cannot start. I don't know why.

I have scanned my PC and below is the log of my scan:



Logfile of HijackThis v1.99.1
Scan saved at 8:59:08 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
D:\programfiles\webserver\bin\win32\matlabserver.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\mIRC\mirc.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\JambanMu.com"
F3 - REG:win.ini: load=Flash.10.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\WINDOWS\iDonate.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [P2kAutostart] E:\Modmymoto\Modding\Tools\Software\P2kCommanderV330\P2kAutostart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5908A47C-F569-4B46-8B35-5FE2C63CC276} (PEAgent) - http://messenger.yah...net/PEAgent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4ACC288-6EF0-4CAF-B487-FEF09C79B3AB}: NameServer = 160.0.226.202
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\programfiles\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
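
Added example, not part of the original thread: a small Python triage of the HijackThis log in post #1 that picks out the F2 (system.ini Shell), F3 (win.ini load/run) and O7 (regedit policy) lines and pairs the two startup error messages with the entries that name the same files. The function names are hypothetical, the sample is a few lines copied from the log above, and the rules cover only these three entry types.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r'''Running processes:
C:\WINDOWS\Explorer.exe
C:\Program Files\Eset\nod32krn.exe

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\system32\JambanMu.com"
F3 - REG:win.ini: load=Flash.10.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
'''

# The two startup errors quoted in post #1.
SYMPTOMS = [
    r"Windows cannot find C:\WINDOWS\system32\JambanMu.com",
    "Windows cannot find Flash.10.exe",
]

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")            # "F2 - ...", "O16 - ..."
SHELL = re.compile(r"REG:system\.ini: Shell=(.*)$", re.I)
DEFAULT_SHELL = re.compile(r"explorer\.exe(?:\s+(.*))?$", re.I)
WININI = re.compile(r"REG:win\.ini: (load|run)=(.*)$", re.I)
NO_REGEDIT = re.compile(r"DisableRegedit=(\d+)", re.I)


def parse_entries(log_text):
    """Return (code, body) for every 'XX - ...' line; headers and the process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries


def check_entry(code, body):
    """Return (reason, target) when the entry is a startup hook or a lockout, else None."""
    if code == "F2":
        m = SHELL.match(body)
        if m:
            value = m.group(1).strip()
            d = DEFAULT_SHELL.match(value)
            # Anything after (or instead of) Explorer.exe is started at every logon.
            extra = (d.group(1) or "") if d else value
            extra = extra.strip().strip('"')
            if extra:
                return ("Shell value starts an extra program at logon", extra)
    elif code == "F3":
        m = WININI.match(body)
        if m and m.group(2).strip():
            return ("win.ini %s= autostart" % m.group(1).lower(),
                    m.group(2).strip().strip('"'))
    elif code == "O7":
        m = NO_REGEDIT.search(body)
        if m and int(m.group(1)) != 0:
            return ("Registry Editor disabled by policy", "")
    return None


def triage(log_text):
    """Run the three rules over a whole log and return the findings in log order."""
    findings = []
    for code, body in parse_entries(log_text):
        hit = check_entry(code, body)
        if hit:
            findings.append({"code": code, "reason": hit[0], "target": hit[1]})
    return findings


def match_symptoms(findings, messages):
    """Pair each error message with the finding whose target file name it mentions."""
    pairs = []
    for msg in messages:
        for f in findings:
            name = ntpath.basename(f["target"]).lower()  # ntpath: Windows paths on any OS
            if name and name in msg.lower():
                pairs.append((msg, f["code"]))
    return pairs


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f["code"], "-", f["reason"], "-", f["target"] or "(no file)")
    for msg, code in match_symptoms(found, SYMPTOMS):
        print(code, "explains:", msg)
```

The HijackThis log posted after the SDFix run in post #3 contains no F2, F3 or O7 lines, so the same function returns an empty list for it.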



#2 SNOWHITE

  • Retired GTG Staff
  • Authentic Member
  • 165 posts

Posted 21 September 2007 - 07:47 AM

Hello bud3ng :)

My name is SNOWHITE and I will be helping you with your Malware problem.

PLEASE READ THIS POST COMPLETELY. IT MAY MAKE IT EASIER FOR YOU IF YOU COPY AND PASTE THIS POST INTO A NEW TEXT DOCUMENT OR PRINT IT FOR REFERENCE LATER.



Please follow the steps below exactly in the order they are written:

Step #1

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Step #2

Please run this online scan:

Panda ActiveScan
  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on Local Disks to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis Log

Step #3

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

In your next post please include the following reports:
  • SDFix report
  • Panda report
  • dss scan reports main.txt and extra.txt

Let me know how things went, and also whether your computer is connected to a home network.

Regards,
SNOWHITE

#3 bud3ng

  • New Member
  • 4 posts

Posted 21 September 2007 - 08:50 AM

1. I have finished STEP 1 and this is the report from SDFix:

SDFix: Version 1.106

Run by akira on Fri 09/21/2007 at 10:09 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe:*:Enabled:ls970.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe:*:Enabled:lspost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe:*:Enabled:mpitest.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe:*:Enabled:sxpost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe:*:Enabled:ac4para.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe:*:Enabled:ansconug180.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe:*:Enabled:ansconug190.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe:*:Enabled:ansconug20.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe:*:Enabled:ls970.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe:*:Enabled:lspost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe:*:Enabled:mpitest.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe:*:Enabled:sxpost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe:*:Enabled:ac4para.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe:*:Enabled:ansconug180.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe:*:Enabled:ansconug190.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe:*:Enabled:ansconug20.exe"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll
C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\WINDOWS\SoftwareDistribution\Downloadf8a5d0d09e527fa35dec9e085d4b802\BIT15.tmp
C:\WINDOWS\SoftwareDistribution\Download\4cbc0c1da652794a86c37dbd177bef9d\BIT19.tmp
C:\WINDOWS\SoftwareDistribution\Download\4e28cc4378cd0807778e1b0917bd6312\BIT14.tmp
C:\WINDOWS\SoftwareDistribution\Download\52b72a8354f3c8a72b1aee0b2a11d368\BIT16.tmp
C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\BIT18.tmp
C:\WINDOWS\SoftwareDistribution\Download\ab24052f4987d828c75b146887588d0c\BIT13.tmp
C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\BIT17.tmp

Finished!

2. I can't do step 2 because my college has enabled download limiting. The ActiveX component that must be downloaded (8MB) exceeds my college's download limit, which is only 2MB, so I can't run the scan using Panda ActiveScan.


3. I finished step 3, which is using dss.exe, and here are the reports:

Main.txt

Deckard's System Scanner v20070905.67
Run by akira on 2007-09-21 22:29:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
15: 2007-09-22 05:29:04 UTC - RP110 - Deckard's System Scanner Restore Point
14: 2007-09-21 13:19:48 UTC - RP109 - System Checkpoint
13: 2007-09-20 12:39:59 UTC - RP108 - System Checkpoint
12: 2007-09-19 09:46:15 UTC - RP107 - System Checkpoint
11: 2007-09-18 07:35:57 UTC - RP106 - System Checkpoint


-- First Restore Point --
1: 2007-09-12 13:37:50 UTC - RP96 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 0.2 GiB (less than 15%) free.


-- HijackThis (run as akira.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:29:27 PM, on 9/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
D:\programfiles\webserver\bin\win32\matlabserver.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\akira\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\akira.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\WINDOWS\iDonate.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [P2kAutostart] E:\Modmymoto\Modding\Tools\Software\P2kCommanderV330\P2kAutostart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5908A47C-F569-4B46-8B35-5FE2C63CC276} (PEAgent) - http://messenger.yah...net/PEAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4ACC288-6EF0-4CAF-B487-FEF09C79B3AB}: NameServer = 160.0.226.202
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\programfiles\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe


-- File Associations -----------------------------------------------------------

.bat - batfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,71
.com - comfile - DefaultIcon - %SystemRoot%\System32\shell32.dll,0
.inf - inffile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.ini - inifile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,69
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"
.txt - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - txtfile - DefaultIcon - C:\WINDOWS\system32\shell32.dll,70
.vbs - txtfile - shell\open\command - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - txtfile - shell\edit\command - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 windrvNT - c:\windows\system32\windrvnt.sys
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>

S2 DS1410D - c:\windows\system32\drivers\ds1410d.sys (file missing)
S3 catchme - c:\docume~1\akira\locals~1\temp\catchme.sys (file missing)
S3 NuVision (Hauppauge WinTV USB Pro (PAL B/G,D/K)) - c:\windows\system32\drivers\nuvision.sys <Not Verified; Hauppauge Computer Works; WinTV USB>
S3 P2k (Motorola USB Device) - c:\windows\system32\drivers\p2k.sys <Not Verified; Motorola Inc; P2k Driver>
S3 WINIO - c:\windows\system32\winio.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ANSYS FLEXlm license manager - c:\progra~1\ansysi~1\shared~1\licens~1\intel\lmgrd.exe <Not Verified; Macrovision Corporation; >
R2 matlabserver (MATLAB Server) - d:\programfiles\webserver\bin\win32\matlabserver.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\_NVRAIDBUS\3&13C0B0C5&0
Manufacturer:
Name:
PNP Device ID: ACPI\_NVRAIDBUS\3&13C0B0C5&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-09-21 02:01:00 346 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2007-08-21 and 2007-09-21 -----------------------------

2007-09-21 22:27:08 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-09-21 22:27:06 0 d-------- C:\WINDOWS\LastGood
2007-09-21 22:09:03 0 d-------- C:\WINDOWS\ERUNT
2007-09-21 21:17:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-21 02:09:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-09-20 04:17:00 0 dr-h----- C:\Documents and Settings\akira\Recent
2007-09-19 23:54:32 0 d--h----- C:\WINDOWS\PIF
2007-09-19 23:54:30 398400 --a------ C:\WINDOWS\system\vtssdll.dll <Not Verified; ; SS>
2007-09-19 23:54:30 15904 --a------ C:\WINDOWS\system\vtssdbw.dll <Not Verified; Borland International; Borland Visual Solutions Pack, Version 1.1>
2007-09-19 23:54:30 244192 --a------ C:\WINDOWS\system\mhcards.dll
2007-09-19 23:54:30 254976 --a------ C:\WINDOWS\system\bdt52exf.dll <Not Verified; Borland International; VBX Data Access Controls>
2007-09-19 23:54:30 273920 --a------ C:\WINDOWS\system\bdt52ex.dll <Not Verified; Borland International; VBX Data Access Controls>
2007-09-19 23:54:29 131584 --a------ C:\WINDOWS\system32\wsiwin32.dll
2007-09-19 23:54:29 375296 --a------ C:\WINDOWS\system32\wsihk32.dll
2007-09-19 23:54:29 211488 --a------ C:\WINDOWS\system32\bwcc32.dll <Not Verified; Borland International; >
2007-09-19 23:54:29 159744 --a------ C:\WINDOWS\system32\bw32000c.dll
2007-09-19 23:54:29 159744 --a------ C:\WINDOWS\system32\bw320009.dll <Not Verified; Borland International; >
2007-09-19 23:54:29 159744 --a------ C:\WINDOWS\system32\bw320007.dll
2007-09-19 23:54:29 188448 --a------ C:\WINDOWS\system32\bocof.dll
2007-09-19 23:54:29 58192 --a------ C:\WINDOWS\system\mhrun300.dll <Not Verified; MicroHelp Inc.; VBTools2 - run time dll>
2007-09-19 23:54:29 25808 --a------ C:\WINDOWS\system\ctl3dv2.dll <Not Verified; Microsoft Corporation; 3D Windows Control>
2007-09-19 23:54:29 96928 --a------ C:\WINDOWS\system\bwcc000c.dll
2007-09-19 23:54:29 96912 --a------ C:\WINDOWS\system\bwcc0009.dll <Not Verified; Borland International; >
2007-09-19 23:54:29 97072 --a------ C:\WINDOWS\system\bwcc0007.dll
2007-09-19 23:54:29 164928 --a------ C:\WINDOWS\system\bwcc.dll <Not Verified; Borland International; >
2007-09-19 23:54:29 377680 --a------ C:\WINDOWS\system\bocole.dll
2007-09-19 23:54:29 65024 --a------ C:\WINDOWS\system\bivbx31n.exe <Not Verified; Borland International; 16-bit VBX Thunk Server for Windows NT>
2007-09-19 23:54:29 22016 --a------ C:\WINDOWS\system\bivbx31c.dll <Not Verified; Borland International; 16-bit VBX Thunk DLL for Windows 95>
2007-09-19 23:54:29 107520 --a------ C:\WINDOWS\system\bivbx31.dll <Not Verified; Borland International; VBX Emulation Library>
2007-09-19 23:54:29 91136 --a------ C:\WINDOWS\BC5RMV.EXE
2007-09-19 23:54:27 0 d-------- C:\Program Files\BORLAND
2007-09-19 23:54:26 0 d-------- C:\BDE32
2007-09-19 23:53:21 0 d-------- C:\BC5
2007-09-15 05:28:12 0 d-------- C:\Program Files\Cheating-Death
2007-09-12 08:48:49 1188 --a------ C:\Documents and Settings\akira\45
2007-09-11 23:28:30 0 d-------- C:\Documents and Settings\akira\WINDOWS
2007-09-10 03:15:58 41324 --a------ C:\WINDOWS\system32\winio.sys
2007-09-10 03:15:24 0 d-------- C:\Documents and Settings\akira\Application Data\MathWorks
2007-09-09 05:06:25 0 d-------- C:\WINDOWS\Sun
2007-09-09 05:06:25 0 d-------- C:\Documents and Settings\akira\Application Data\Sun
2007-09-08 22:18:50 0 d-------- C:\Program Files\Java
2007-09-08 22:18:48 0 d-------- C:\Program Files\Common Files\Java
2007-09-08 22:17:55 0 d-------- C:\Program Files\Your Freedom
2007-09-08 22:07:09 53248 --a------ C:\WINDOWS\iDonate.dll <Not Verified; MoreGoogle.com; MoreGoogle>
2007-09-07 05:55:36 0 d-------- C:\Temp
2007-09-07 05:54:37 0 d-------- C:\Program Files\ImTOO
2007-09-02 22:02:08 286720 --a------ C:\WINDOWS\iun506.exe <Not Verified; Indigo Rose Corporation; Setup Factory 5.0 Uninstaller>
2007-09-02 22:02:07 0 d-------- C:\Program Files\WWE-Script
2007-08-26 14:58:01 0 d-------- C:\Program Files\HLSW
2007-08-25 00:43:41 660 --a------ C:\amt1
2007-08-25 00:43:23 520192 --a------ C:\WINDOWS\system32\wscma2u.exe <Not Verified; YAMAHA CORPORATION; WSC-MA2 (UTF-8)>
2007-08-25 00:43:23 193536 --a------ C:\WINDOWS\system32\atomid.exe
2007-08-25 00:43:23 278528 --a------ C:\WINDOWS\system32\ammpp.dll
2007-08-25 00:43:23 65536 --a------ C:\WINDOWS\system32\a1.dll
2007-08-25 00:43:22 0 d-------- C:\Program Files\AnMing
2007-08-25 00:36:10 368912 --a------ C:\WINDOWS\system32\vbar332.dll <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-08-25 00:36:10 0 d-------- C:\Program Files\Coding Workshop
2007-08-25 00:33:40 0 d-------- C:\Program Files\1stbenison
2007-08-25 00:17:07 0 d-------- C:\Program Files\LitexMedia


-- Find3M Report ---------------------------------------------------------------

2007-09-16 07:29:04 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2007-09-16 07:29:04 0 d-------- C:\Program Files\AnswerWorks 4.0
2007-09-12 02:34:53 0 d-------- C:\Documents and Settings\akira\Application Data\Ansys
2007-09-12 00:07:47 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-09-11 23:46:28 0 d-------- C:\Program Files\Ansys Inc
2007-09-08 22:18:48 0 d-------- C:\Program Files\Common Files
2007-09-02 18:55:08 0 d-------- C:\Program Files\Yahoo!
2007-08-31 02:06:55 0 d-------- C:\Program Files\LeaderGL_FlexEditor
2007-08-17 23:06:23 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-08-17 23:04:12 0 d-------- C:\Program Files\DAEMON Tools
2007-08-16 17:16:16 0 d-------- C:\Program Files\Easy Icon Maker
2007-08-16 16:53:00 0 d-------- C:\Program Files\Bee Icons
2007-08-16 16:20:33 0 d-------- C:\Program Files\Google
2007-08-16 16:18:32 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-08-16 16:15:50 0 d-------- C:\Program Files\vtplus
2007-08-10 19:52:15 0 d-------- C:\Program Files\DivX
2007-08-09 20:41:19 0 d-------- C:\Program Files\FlvAmp FLV Player
2007-08-02 22:56:20 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-08-02 02:08:25 0 d-------- C:\Documents and Settings\akira\Application Data\Autodesk
2007-08-02 02:05:15 0 d-------- C:\Program Files\Autodesk
2007-07-31 01:31:55 0 d-------- C:\Program Files\@Last Software
2007-07-28 01:59:32 0 d-------- C:\Documents and Settings\akira\Application Data\Google
2007-07-13 22:50:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-07-13 19:27:35 1156 --a------ C:\WINDOWS\mozver.dat
2007-07-13 18:26:51 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-07-13 12:00:25 0 --a------ C:\WINDOWS\nsreg.dat
2007-07-10 13:15:53 53248 --a------ C:\WINDOWS\system32\suppdll.dll
2007-07-08 15:50:58 2320640 --a------ C:\WINDOWS\system32\TUKernel.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-07-07 16:57:19 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2007-07-05 20:05:01 0 -rahs---- C:\MSDOS.SYS
2007-07-05 20:05:01 0 -rahs---- C:\IO.SYS
2007-07-05 20:05:01 0 --a------ C:\CONFIG.SYS
2007-07-05 20:05:01 0 --a------ C:\AUTOEXEC.BAT
2007-07-05 19:59:37 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-07-05 12:49:26 62 --a-s---- C:\Documents and Settings\akira\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [10/17/2005 11:45 AM C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/03/2004 12:00 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 02:22 PM]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [08/02/2007 10:56 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [09/14/2006 01:09 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe" [12/06/2004 09:31 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="E:\Modmymoto\Modding\Tools\Software\P2kCommanderV330\P2kAutostart.exe" [11/01/2005 07:56 PM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [08/05/2005 08:35 PM]

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c4912bf-6635-11dc-a49e-000feae9ee72}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a4ba9e-2b72-11dc-b6df-b36f772e0018}]
AutoRun\command- G:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2007-09-21 22:30:32 ------------


extra.txt

Deckard's System Scanner v20070905.67
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ 64 Processor 3000+
Percentage of Memory in Use: 36%
Physical Memory (total/avail): 1023.48 MiB / 651.97 MiB
Pagefile Memory (total/avail): 2461.61 MiB / 2182.12 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1969.12 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 7.81 GiB total, 0.2 GiB free.
D: is Fixed (NTFS) - 59.85 GiB total, 15.57 GiB free.
E: is Fixed (NTFS) - 6.83 GiB total, 1.84 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JD-75JNA0 - 74.5 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 7.81 GiB - C:
\PARTITION1 - Installable File System - 6.83 GiB - E:
\PARTITION2 - Extended w/Extended Int 13 - 59.85 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) Outdated

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe:*:Enabled:ls970.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe:*:Enabled:lspost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe:*:Enabled:mpitest.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe:*:Enabled:sxpost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe:*:Enabled:ac4para.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe:*:Enabled:ansconug180.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe:*:Enabled:ansconug190.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe:*:Enabled:ansconug20.exe"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ans_admin.exe:*:Enabled:ans_admin.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970.exe:*:Enabled:ls970.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\ls970_DP.exe:*:Enabled:ls970_DP.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lspost.exe:*:Enabled:lspost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\lsprepostd.exe:*:Enabled:lsprepostd.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitest.exe:*:Enabled:mpitest.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\mpitestmpich.exe:*:Enabled:mpitestmpich.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\sxpost.exe:*:Enabled:sxpost.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe:*:Enabled:ANSYS.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe:*:Enabled:tclsh.exe"
"C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"="C:\\Program Files\\Ansys Inc\\v90\\CommonFiles\\TCL\\bin\\Intel\\wish.exe:*:Enabled:wish.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe:*:Enabled:ac4catia.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe:*:Enabled:ac4para.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe:*:Enabled:ac4pro.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe:*:Enabled:ac4sat.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug180\\Intel\\ansconug180.exe:*:Enabled:ansconug180.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug190\\Intel\\ansconug190.exe:*:Enabled:ansconug190.exe"
"C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"="C:\\Program Files\\Ansys Inc\\v90\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe:*:Enabled:ansconug20.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
ANSYS90_DIR=C:\PROGRAM FILES\ANSYS INC\V90\ANSYS
ANSYSLIC_DIR=C:\PROGRAM FILES\ANSYS INC\SHARED FILES\LICENSING
ANSYSLMD_LICENSE_FILE=1055@akira-532d24427
ANSYS_SYSDIR=Intel
APPDATA=C:\Documents and Settings\akira\Application Data
CADOE_DOCDIR100=C:\Program Files\Ansys Inc\v100\CommonFiles\help\en-us\solviewer
CADOE_DOCDIR90=C:\PROGRAM FILES\ANSYS INC\V90\ANSYS\..\CommonFiles\help\en-us\solviewer
CADOE_LIBDIR100=C:\Program Files\Ansys Inc\v100\CommonFiles\Language\en-us
CADOE_LIBDIR90=C:\PROGRAM FILES\ANSYS INC\V90\ANSYS\..\CommonFiles\Language\en-us
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AKIRA-532D24427
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\akira
KMP_STACKSIZE=4m
LOGONSERVER=\\AKIRA-532D24427
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared\;D:\programfiles\bin\win32;C:\BC5\BIN;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=1f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
P_SCHEMA=C:\PROGRAM FILES\ANSYS INC\V90\ANSYS\ac4\schema
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\akira\LOCALS~1\Temp
TMP=C:\DOCUME~1\akira\LOCALS~1\Temp
USERDOMAIN=AKIRA-532D24427
USERNAME=akira
USERPROFILE=C:\Documents and Settings\akira
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

akira (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee 6.0 PowerPack --> MsiExec.exe /I{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70001000000}
ANSYS 9.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5DA9DFF-E6E1-49DC-8493-86AE52B70953}\setup.exe" -l0x9 -uninst
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HydraVision --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audio Conversion Wizard 1.4 --> "C:\Program Files\LitexMedia\Audio Conversion Wizard\unins000.exe"
AutoCAD 2005 - English --> MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Borland C++ 5.02 --> C:\WINDOWS\BC5RMV.EXE C:\BC5\BC5RMV.LOG
Cheating-Death 4.33.4 --> C:\Program Files\Cheating-Death\UninstCD.exe
Counter-Strike 1.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime9\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}\Setup.exe" -l0x9
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Enable S3 for USB Device --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
FlvAmp FLV Player --> "C:\WINDOWS\FlvAmp FLV Player\uninstall.exe" "/U:C:\Program Files\FlvAmp FLV Player\Uninstall\uninstall.xml"
Folder Lock --> D:\Folder Lock\Uninstall.exe
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Hijackthis 1.99.1 --> "C:\Program Files\Hijackthis\unins000.exe"
HijackThis 1.99.1 --> C:\Program Files\Hijackthis\HijackThis.exe /uninstall
HLSW v1.0.0.47 --> "C:\Program Files\HLSW\unins000.exe"
J2SE Runtime Environment 5.0 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
K-Lite Mega Codec Pack 1.61 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LeaderGL FlexEditor 10.4 XP --> C:\Program Files\LeaderGL_FlexEditor\uninst.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC --> "E:\Program Files\mIRC\mirc.exe" -uninstall
Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
MP3 To Ringtone Gold 3.15 --> "C:\Program Files\AnMing\unins000.exe"
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX --> "C:\Program Files\Eset\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\NVUNINST.EXE UninstallGUI
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RSD_LITE_3_4 --> MsiExec.exe /X{3ED95676-6761-4024-B115-A471F44597FF}
SketchUp 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime91\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WWE Script XP v3.0 --> C:\WINDOWS\iun506.exe C:\Program Files\WWE-Script\irunin.ini
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Your Freedom --> "C:\Program Files\Your Freedom\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type866 / Warning
Event Submitted/Written: 09/21/2007 02:08:58 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-7AD7-1033-7B44-A70001000000}', feature 'ReaderProgramFiles' failed during request for component '{45758330-D9D2-4BE9-9419-BE8AF4221BB9}'

Event Record #/Type865 / Warning
Event Submitted/Written: 09/21/2007 02:08:58 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-7AD7-1033-7B44-A70001000000}', feature 'ReaderProgramFiles', component '{0B721F30-4CD4-48FD-8D0A-DBD98D4A3711}' failed. The resource 'HKEY_CLASSES_ROOT\TypeLib\{E64169B3-3592-47d2-816E-602C5C13F328}\1.1\win32\' does not exist.

Event Record #/Type863 / Warning
Event Submitted/Written: 09/20/2007 02:30:18 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-7AD7-1033-7B44-A70001000000}', feature 'ReaderProgramFiles' failed during request for component '{9D11D411-5526-4AE4-A87D-ED9413977A56}'

Event Record #/Type862 / Warning
Event Submitted/Written: 09/20/2007 02:30:18 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-7AD7-1033-7B44-A70001000000}', feature 'ReaderProgramFiles', component '{0B721F30-4CD4-48FD-8D0A-DBD98D4A3711}' failed. The resource 'HKEY_CLASSES_ROOT\TypeLib\{E64169B3-3592-47d2-816E-602C5C13F328}\1.1\win32\' does not exist.

Event Record #/Type860 / Warning
Event Submitted/Written: 09/19/2007 02:03:51 AM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{AC76BA86-7AD7-1033-7B44-A70001000000}', feature 'ReaderProgramFiles' failed during request for component '{9D11D411-5526-4AE4-A87D-ED9413977A56}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type3454 / Error
Event Submitted/Written: 09/21/2007 10:12:42 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The DS1410D service failed to start due to the following error:
%%2

Event Record #/Type3450 / Error
Event Submitted/Written: 09/21/2007 10:08:27 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
AFD
Fips
IPSec
MRxSmb
NetBIOS
NetBT
nod32drv
Processor
RasAcd
Rdbss
Tcpip
WS2IFSL

Event Record #/Type3449 / Error
Event Submitted/Written: 09/21/2007 10:08:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Event Record #/Type3448 / Error
Event Submitted/Written: 09/21/2007 10:08:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Event Record #/Type3447 / Error
Event Submitted/Written: 09/21/2007 10:08:27 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31



-- End of Deckard's System Scanner: finished at 2007-09-21 22:30:32 ------------

4. And so far I don't see the Jambanmu.com and flash.10.exe errors anymore, and I can also access my regedit and folder options.

#4 bud3ng


    New Member


Posted 21 September 2007 - 10:13 AM

So what about the other errors in the report? Do I need to do something? For example, in the extra.txt.

#5 SNOWHITE


    Retired GTG Staff


Posted 21 September 2007 - 11:42 AM

Please follow the steps below exactly in the order they are written:

Step #1

Click Start > Run, then copy and paste this line into the empty edit box:

"%userprofile%\desktop\dss.exe" /daft

Click OK button.

Read the disclaimer and click OK.
  • Click on the Scan button.
  • Place a checkmark next to the following entries in case they appear:


.bat
.com
.inf
.ini
.txt
.vbs


  • Click the Fix button.
  • Re-scan and save a logfile. By default, it will save as daft.txt
  • Post daft.txt in your next post.
If everything is OK again, it should display the "all associations ok" message.


Step #2

1. Download combofix from one of these links:
Link1
Link2
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

2. I can't do step 2 because my college has enabled download limiting. The ActiveX that must be downloaded (8MB) exceeds my college download limit, which is only 2MB. So I can't run ActiveScan using Panda ActiveScan.


Why did your college set this limit? Can you ask them to change this?

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.) Outdated


Your NOD32 antivirus is outdated; try updating it and run a full scan after that. If you are not able to update it, let me know.

Post back with the daft report, the combofix report and a new HijackThis log. Also, if you were able to update NOD32 and run a scan with it, post that report back here.

Regards,

Edited by SNOWHITE, 21 September 2007 - 11:43 AM.

SNOWHITE

#6 bud3ng


    New Member


Posted 21 September 2007 - 12:21 PM

Daft Report

DAFT Log saved on 2007-09-22 01:49:56
-----------------------------------------------------------------------
.scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\notepad.exe" "%1"

Combofix Log

ComboFix 07-09-21.2 - "akira" 2007-09-22 2:10:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.643 [GMT -7:00]
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-08-22 to 2007-09-22 )))))))))))))))))))))))))))))))
.

2007-09-22 00:24 <DIR> d-------- C:\DOCUME~1\akira\APPLIC~1\Lavasoft
2007-09-22 00:22 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-21 22:28 <DIR> d-------- C:\Deckard
2007-09-21 22:27 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-21 22:09 <DIR> d-------- C:\WINDOWS\ERUNT
2007-09-21 21:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-19 23:54 91,136 --a------ C:\WINDOWS\BC5RMV.EXE
2007-09-19 23:54 <DIR> d--h----- C:\WINDOWS\PIF
2007-09-19 23:53 <DIR> d-------- C:\BC5
2007-09-15 05:28 <DIR> d-------- C:\Program Files\Cheating-Death
2007-09-11 23:28 <DIR> d-------- C:\DOCUME~1\akira\WINDOWS
2007-09-10 03:15 41,324 --a------ C:\WINDOWS\system32\winio.sys
2007-09-10 03:15 <DIR> d-------- C:\DOCUME~1\akira\APPLIC~1\MathWorks
2007-09-08 22:17 <DIR> d-------- C:\Program Files\Your Freedom
2007-09-08 22:07 53,248 --a------ C:\WINDOWS\iDonate.dll
2007-09-07 05:55 <DIR> d-------- C:\Temp
2007-09-07 05:54 <DIR> d-------- C:\Program Files\ImTOO
2007-09-02 22:02 286,720 --a------ C:\WINDOWS\iun506.exe
2007-09-02 22:02 <DIR> d-------- C:\Program Files\WWE-Script
2007-08-26 14:58 <DIR> d-------- C:\Program Files\HLSW
2007-08-25 00:43 65,536 --a------ C:\WINDOWS\system32\a1.dll
2007-08-25 00:43 520,192 --a------ C:\WINDOWS\system32\wscma2u.exe
2007-08-25 00:43 278,528 --a------ C:\WINDOWS\system32\ammpp.dll
2007-08-25 00:43 193,536 --a------ C:\WINDOWS\system32\atomid.exe
2007-08-25 00:43 <DIR> d-------- C:\Program Files\AnMing
2007-08-25 00:36 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2007-08-25 00:36 <DIR> d-------- C:\Program Files\Coding Workshop
2007-08-25 00:33 <DIR> d-------- C:\Program Files\1stbenison
2007-08-25 00:17 <DIR> d-------- C:\Program Files\LitexMedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 07:29 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-09-16 07:29 --------- d-------- C:\Program Files\AnswerWorks 4.0
2007-09-12 02:34 --------- d-------- C:\DOCUME~1\akira\APPLIC~1\Ansys
2007-09-12 00:07 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-11 23:46 --------- d-------- C:\Program Files\Ansys Inc
2007-09-02 18:55 --------- d-------- C:\Program Files\Yahoo!
2007-08-31 02:06 --------- d-------- C:\Program Files\LeaderGL_FlexEditor
2007-08-17 23:06 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-17 23:00 611064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-16 17:16 --------- d-------- C:\Program Files\Easy Icon Maker
2007-08-16 16:53 --------- d-------- C:\Program Files\Bee Icons
2007-08-16 16:20 --------- d-------- C:\Program Files\Google
2007-08-16 16:15 --------- d-------- C:\Program Files\vtplus
2007-08-10 19:52 --------- d-------- C:\Program Files\DivX
2007-08-09 20:41 --------- d-------- C:\Program Files\FlvAmp FLV Player
2007-08-02 22:56 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-08-02 22:56 298104 --a------ C:\WINDOWS\system32\imon.dll
2007-08-02 22:56 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-08-02 02:08 --------- d-------- C:\DOCUME~1\akira\APPLIC~1\Autodesk
2007-08-02 02:05 --------- d-------- C:\Program Files\Autodesk
2007-08-02 02:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-07-31 01:31 --------- d-------- C:\Program Files\@Last Software
2007-07-28 01:59 --------- d-------- C:\DOCUME~1\akira\APPLIC~1\Google
2007-07-13 18:26 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
2007-07-10 13:15 53248 --a------ C:\WINDOWS\system32\suppdll.dll
2007-07-08 15:50 2320640 --a------ C:\WINDOWS\system32\TUKernel.exe
2007-07-07 16:57 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-07-05 20:34 499712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-07-05 20:34 348160 --a------ C:\WINDOWS\system32\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-17 11:45 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 12:00]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 14:22]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-02 22:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="E:\Modmymoto\Modding\Tools\Software\P2kCommanderV330\P2kAutostart.exe" [2005-11-01 19:56]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [2005-08-05 20:35]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-A70001000000}\SC_Reader.exe [2007-07-13 18:49:46]

R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe -k netsvcs
R2 windrvNT;windrvNT;\??\C:\WINDOWS\system32\windrvNT.sys
S3 NuVision;Hauppauge WinTV USB Pro (PAL B/G,D/K);C:\WINDOWS\system32\DRIVERS\NUVision.sys
S3 WINIO;WINIO;\??\C:\WINDOWS\system32\winio.sys

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a4ba9e-2b72-11dc-b6df-b36f772e0018}]
AutoRun\command- G:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2007-09-22 09:00:45 C:\WINDOWS\Tasks\1-Click Maintenance.job"
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-22 02:10:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
P2kAutostart = E:\Modmymoto\Modding\Tools\Software\P2kCommanderV330\P2kAutostart.exe?0???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-22 2:11:16
C:\ComboFix-quarantined-files.txt ... 2007-09-22 02:11
C:\ComboFix2.txt ... 2007-07-17 16:23
.
--- E O F ---

And this is the Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 2:12:42 AM, on 9/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
D:\programfiles\webserver\bin\win32\matlabserver.exe
C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\ansyslmd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Program Files\mIRC\mirc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\WINDOWS\iDonate.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [P2kAutostart] E:\Modmymoto\Modding\Tools\Software\P2kCommanderV330\P2kAutostart.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5908A47C-F569-4B46-8B35-5FE2C63CC276} (PEAgent) - http://messenger.yah...net/PEAgent.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4ACC288-6EF0-4CAF-B487-FEF09C79B3AB}: NameServer = 160.0.226.202
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANSYS FLEXlm license manager - Macrovision Corporation - C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\programfiles\webserver\bin\win32\matlabserver.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

For your info, I can't update my NOD32 antivirus.

#7 SNOWHITE

    Retired GTG Staff

Posted 21 September 2007 - 12:37 PM

For your info, I can't update my NOD32 antivirus.


If your antivirus is outdated and not working, we will just lose time, because your computer is unprotected and it will get reinfected all the time. It is important that you have a working antivirus on your computer.

What happens when you try to update it? Do you get any error? If you do, what does it say?
Do you have a valid license for NOD32? It is also possible that you can't update your antivirus if it needs to download an update larger than 2MB; if so, you will have to ask your college to enable downloading.

Regards,
SNOWHITE

#8 SNOWHITE

    Retired GTG Staff

Posted 11 October 2007 - 05:37 AM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.
SNOWHITE