Old 12-03-2007, 02:05 PM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Please see my logs and tell me if there's a problem

Logfile of HijackThis v1.99.1
Scan saved at 2:50:02 AM, on 12/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZONELABS\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\Gizmo Project\mDNSResponder.exe
F:\WINDOWS\system32\svchost.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\AsusTC\AsusProb.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\AusLogics BoostSpeed\boostspeed.exe
D:\Program Files\Skype\Phone\Skype.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\Windows Live\Messenger\msnmsgr.exe
F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
F:\Program Files\DAP\DAP.exe
G:\Completed torrents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.m-w.com/dictionary
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.29.209.117 www.answers.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - F:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ASUS Probe] f:\AsusTC\AsusProb.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BoostSpeed] "F:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Translate with &Babylon - res://F:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDAF7451-D11C-4C08-8687-13241601EFB1}: NameServer = 202.70.150.10,202.70.150.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - F:\Program Files\Gizmo Project\mDNSResponder.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe
Panzer16 is offline  
Old 12-03-2007, 06:42 PM   #2 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Please reply. I just want to know if there are any suspicious programs running on my computer. Thank you.
Panzer16 is offline  
Old 12-04-2007, 05:39 PM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Please reply
Panzer16 is offline  
Old 12-04-2007, 08:59 PM   #4 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

Hi and welcome to TSF.

We are fairly busy, so you will have to be patient.

Taken from the rules:

Quote:
2. Please be considerate of the fact that the people helping you are all volunteers, and in many cases usually have a job, and a limited amount of time to help, and therefore can only do so much. If no one has replied to your thread within 48hrs after you posted, please reply in your thread with the word BUMP to move it forward.

DO NOT Bump the thread unless 48 hours has passed. We work from oldest to newest posts so your wait will be longer if you bump it forward before the 48 hours is up.

There doesn't appear to be anything bad going on with your logs, so we will run a few scans to see if there is anything hiding.

--------------------------------------------------------------

Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.

--------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)

Please remember to close all other windows, including browsers then click Fix checked.

--------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt here.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.
What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review. DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

--------------------------------------------------------------

Please include the following in your next reply:

Panda Online Scan
C:\Deckard\System Scanner\main.txt
C:\Deckard\System Scanner\extra.txt - Attached please
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 12-06-2007, 01:42 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Yo thanks. I just replied to my other thread. I will get these things done and get back to you as soon as possible.

By the way, would it be OK if I do the Panda scan from my other Windows? That's in D. I usually use drive F. The reason why I am asking this is that I already have all the updates of Panda installed on that one and it will save me time and space.
Panzer16 is offline  
Old 12-06-2007, 02:00 AM   #6 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

I just downloaded the other software but can't do the Panda scan.

http://www.pandasecurity.com/homeuse...ns/activescan/

I click on the option of scan your pc now but nothing happens. I tried disabling my ad blocker in Internet Explorer and Firefox as well but it's not opening anywhere :s
Panzer16 is offline  
Old 12-06-2007, 03:01 AM   #7 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

Let's try another online scanner then.....


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
forhockey is offline  
Old 12-06-2007, 06:14 PM   #8 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Sure, I have this one installed already. By the way, can you please tell me what could be the ''possible'' problems for Panda software scan not working? When I click on the scan bar, nothing happens.
Panzer16 is offline  
Old 12-06-2007, 07:05 PM   #9 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

Not sure why the scan doesn't work at times.. Uninstalling the Panda Definitions from Add/Remove programs sometimes works... Please don't do anything on the computer while scanning online.
forhockey is offline  
Old 12-06-2007, 07:21 PM   #10 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Panda is not even installed. I just checked, there were no updates or anything related to Panda saved here. What possibly could I do to make it work?

And by no activity you mean you want me to disable my DSL connection too and then do the scan with no other programs running? Am I supposed to close down software like Zone Alarm, AVG, Auslogics and Asus Probe etc.?
Panzer16 is offline  
Old 12-06-2007, 07:29 PM   #11 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

Please just scan at Kaspersky for the meantime. By no activity, I mean no surfing the web, downloading, working in word documents, etc. You need an active internet connection for this online scan to work, so do not disable your DSL connection. Please take the time to read my instructions carefully, as it stated at the very bottom to disable your AntiVirus software. You can leave Zone Alarm and Asus Probe running, but don't have anything else open like MSN Messenger, Microsoft Word, etc.

Last edited by forhockey; 12-06-2007 at 07:31 PM.
forhockey is offline  
Old 12-06-2007, 09:37 PM   #12 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

I deleted the file you told me to through HijackThis and then did the two scans. Here are the results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, December 07, 2007 10:18:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 7/12/2007
Kaspersky Anti-Virus database records: 474936
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\

Scan Statistics:
Total number of scanned objects: 86623
Number of viruses found: 2
Number of infected objects: 11
Number of suspicious objects: 0
Duration of the scan process: 01:40:48

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
D:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
E:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\Internet.evt Object is locked skipped
F:\WINDOWS\system32\config\WindowsPowerShell.evt Object is locked skipped
F:\WINDOWS\system32\config\DEFAULT Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
F:\WINDOWS\system32\config\SYSTEM Object is locked skipped
F:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\Temp\ZLT01c57.TMP Object is locked skipped
F:\WINDOWS\Temp\ZLT01c5a.TMP Object is locked skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\wiaservc.log Object is locked skipped
F:\WINDOWS\Sti_Trace.log Object is locked skipped
F:\WINDOWS\wiadebug.log Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\SoftwareDistribution\EventCache\{60E8B1B9-A3D3-43CA-89E3-BB89740B484A}.bin Object is locked skipped
F:\WINDOWS\SoftwareDistribution\EventCache\{9D84E6A9-186C-45C3-9EFC-04684B532B3E}.bin Object is locked skipped
F:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
F:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
F:\WINDOWS\Internet Logs\UDAY.ldb Object is locked skipped
F:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
F:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\Temp\~DFC521.tmp Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007120720071208\index.dat Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
F:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\UserData\index.dat Object is locked skipped
F:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
F:\Program Files\DAP\Offers\VA21_DAPSO.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
F:\Program Files\DAP\Offers\VA21_DAPSO.exe WiseSFX: infected - 1 skipped
F:\Program Files\DAP\Offers\VA21_DAPSO.exe WiseSFXDropper: infected - 1 skipped
F:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20071207-063142.log Object is locked skipped
F:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
G:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
H:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
H:\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe NSIS: infected - 4 skipped

Scan process completed.
Panzer16 is offline  
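
The Kaspersky report in the post above buries its few detection rows among dozens of "Object is locked" rows. As an added example (not part of the original thread and not Kaspersky's own tooling), the Python below splits the two kinds of row and recomputes the totals given under Scan Statistics; the regular expression and the function names are assumptions made for this example, and the sample holds every detection row from the posted report plus three of its locked rows.

```python
import re
from collections import Counter

# Rows excerpted from the report posted in this thread: all detection rows
# and three of the "Object is locked" rows (sample trimmed for the example).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{E37F9644-1753-4965-855F-5099629F6208}\RP1\change.log Object is locked skipped
D:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
F:\Program Files\DAP\Offers\VA21_DAPSO.exe/WISE0009.BIN Infected: not-a-virus:AdTool.Win32.MyWebSearch.bk skipped
F:\Program Files\DAP\Offers\VA21_DAPSO.exe WiseSFX: infected - 1 skipped
F:\Program Files\DAP\Offers\VA21_DAPSO.exe WiseSFXDropper: infected - 1 skipped
F:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
F:\Program Files\mIRC\mirc.exe.BAK Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.631 skipped
H:\mirc631.exe NSIS: infected - 4 skipped
"""

# A row is "<path> <verdict> <last action>" separated by single spaces, and the
# path itself may contain spaces, so the verdict text is what anchors the split.
ROW = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<container>\w+): infected - (?P<count>\d+))"
    r" (?P<action>\w+)$"
)


def parse_rows(report_text):
    """Return one dict per report row; the header and other lines are skipped."""
    rows = []
    for line in report_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        if m["locked"]:
            kind = "locked"        # file in use by Windows, never scanned
        elif m["name"]:
            kind = "detection"     # object with a named verdict
        else:
            kind = "container"     # archive/installer holding detected objects
        rows.append({"path": m["path"], "kind": kind,
                     "name": m["name"], "action": m["action"]})
    return rows


def summarize(rows):
    """Recompute the report's totals and list the files that need a decision."""
    flagged = [r for r in rows if r["kind"] != "locked"]
    names = Counter(r["name"] for r in flagged if r["name"])
    # Inner objects are written as outer.exe/stream/...; keep the file on disk.
    files = sorted({r["path"].split("/", 1)[0] for r in flagged})
    return {
        "locked": sum(r["kind"] == "locked" for r in rows),
        "infected_objects": len(flagged),
        "verdicts": dict(names),
        "files_on_disk": files,
        # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
        "only_not_a_virus": all(n.startswith("not-a-virus:") for n in names),
    }


if __name__ == "__main__":
    summary = summarize(parse_rows(SAMPLE_REPORT))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

On these rows the recomputed totals agree with the posted statistics (2 verdict names, 11 infected objects), and the 11 rows reduce to five files on disk, all carrying `not-a-virus:` verdicts.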
Old 12-06-2007, 09:39 PM   #13 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-07 10:30:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 2 Restore Point(s) --
2: 2007-12-07 05:28:55 UTC - RP2 - Deckard's System Scanner Restore Point
1: 2007-12-06 08:01:22 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive F: has 0.67 GiB (less than 15%) free.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:31:47 AM, on 12/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZONELABS\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\AsusTC\AsusProb.exe
C:\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
F:\WINDOWS\system32\svchost.exe
G:\Completed torrents\dss.exe
G:\COMPLE~1\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.m-w.com/dictionary
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.29.209.117 www.answers.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - F:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ASUS Probe] f:\AsusTC\AsusProb.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [BoostSpeed] "F:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
O8 - Extra context menu item: &Clean Traces - F:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &ieSpell Options - res://F:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZNfox000
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://F:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Encarta &Definition - http://encarta.msn.com/encnet/featur...Dictionary.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://F:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://F:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/def...jolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDAF7451-D11C-4C08-8687-13241601EFB1}: NameServer = 202.70.150.10,202.70.150.11
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: igfxcui - F:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - F:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe


-- HijackThis Fixed Entries (G:\COMPLE~1\backups\) -----------------------------

backup-20071207-102735-493 O2 - BHO: SmartShopper - {2BA1C226-EC1B-4471-A65F-D0688AC6EE3A} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - f:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - f:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sisidex - f:\windows\system32\drivers\sisidex.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R0 sisperf (Add Performance Filter Driver) - f:\windows\system32\drivers\sisperf.sys <Not Verified; Silicon Integrated Systems Corp.; SiS Filer Driver>
R0 xmasbus - f:\windows\system32\drivers\xmasbus.sys
R0 xmasscsi - f:\windows\system32\drivers\xmasscsi.sys
R1 aslm75 - f:\windows\system32\drivers\aslm75.sys
R3 DCamUSBNW800 (LF-CAM100K) - f:\windows\system32\drivers\pcam800.sys <Not Verified; Divio Inc.; NW800 USB PC Camera>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - f:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>

S0 kl1 - f:\windows\system32\drivers\kl1.sys (file missing)
S2 P0250BUK (Creative PC-CAM 550 (Still)) - f:\windows\system32\drivers\p0250buk.sys (file missing)
S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - f:\windows\system32\drivers\alcxwdm.sys (file missing)
S3 P0250VID (Creative PC-CAM 550 (Video)) - f:\windows\system32\drivers\p0250v2k.sys (file missing)
S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - f:\windows\system32\drivers\rtl8139.sys (file missing)
S3 Ser2pl (Prolific2 Serial port driver) - f:\windows\system32\drivers\ser2pl.sys <Not Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable>
S3 TSP - f:\windows\system32\drivers\klif.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - f:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-12-02 20:07:02 280 --a------ F:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
2007-11-22 18:19:56 354 --a------ F:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2007-11-07 and 2007-12-07 -----------------------------

2007-12-07 07:20:21 0 d-------- F:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-07 07:20:20 0 d-------- F:\WINDOWS\system32\Kaspersky Lab
2007-12-07 06:41:01 0 d-------- F:\WINDOWS\LastGood
2007-12-06 08:51:21 0 d-------- F:\Program Files\free-downloads.net
2007-12-06 08:51:12 0 d-------- F:\Program Files\Alcohol Soft
2007-12-06 08:41:10 0 d-------- F:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-05 20:05:08 0 d-------- F:\Program Files\PC Wizard 2008
2007-12-05 18:10:47 0 d-------- F:\WINDOWS\nview
2007-12-04 09:35:26 0 d-------- F:\Program Files\Common Files\NSV
2007-11-27 22:15:01 0 d-------- F:\Program Files\Microsoft SQL Server Compact Edition
2007-11-27 21:40:19 0 d--hs---- F:\Program Files\Common Files\WindowsLiveInstaller
2007-11-27 21:40:13 0 d-------- F:\Program Files\Windows Live
2007-11-27 21:40:08 0 d-------- F:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-22 18:14:10 0 d-------- F:\Documents and Settings\All Users\Application Data\Uniblue
2007-11-22 09:07:56 0 dr-h----- F:\$VAULT$.AVG
2007-11-21 23:22:11 0 d-------- F:\Program Files\Common Files\xing shared
2007-11-19 23:48:16 0 d-------- F:\Program Files\Babylon
2007-11-19 20:22:28 0 d-------- F:\WINDOWS\system32\ZoneLabs
2007-11-19 19:37:06 0 d-------- F:\Program Files\mIRC
2007-11-19 13:41:36 0 d-------- F:\kav


-- Find3M Report ---------------------------------------------------------------

2007-12-07 06:32:08 4212 ---h----- F:\WINDOWS\system32\zllictbl.dat
2007-12-01 15:04:00 1744 --a------ F:\WINDOWS\system32\d3d9caps.dat
2007-11-21 23:02:08 1632 --a------ F:\WINDOWS\system32\d3d8caps.dat
2007-10-28 19:00:32 0 d-------- F:\Program Files\MSXML 6.0
2007-10-23 1708 585728 --a------ F:\WINDOWS\WLXPGSS.SCR <Not Verified; Microsoft Corporation; Windows Live Photo Gallery>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{965B54B0-71E0-4611-8DE7-F73FA0B20E26}"= F:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [11/01/2007 03:09 PM 265952]

[-HKEY_CLASSES_ROOT\CLSID\{965B54B0-71E0-4611-8DE7-F73FA0B20E26}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB.1]
[HKEY_CLASSES_ROOT\TypeLib\{162484B8-B114-453f-A344-C0B24B0F1D99}]
[HKEY_CLASSES_ROOT\BabylonTBLib.BabylonTB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="F:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [10/28/2007 12:50 PM]
"ASUS Probe"="f:\AsusTC\AsusProb.exe" [12/06/2002 04:07 PM]
"ZoneAlarm Client"="C:\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"TkBellExe"="F:\Program Files\Common Files\Real\Update_OB\realsched.exe" [11/21/2007 11:21 PM]
"NvCplDaemon"="F:\WINDOWS\system32\NvCpl.dll" [07/28/2003 02:19 PM]
"nwiz"="nwiz.exe" [07/28/2003 02:19 PM F:\WINDOWS\system32\nwiz.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="F:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"AlcoholAutomount"="F:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [07/02/2007 03:27 PM]
"NvMediaCenter"="F:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit" []
"BoostSpeed"="F:\Program Files\AusLogics BoostSpeed\boostspeed.exe" [03/30/2007 02:22 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)
"NoSaveSettings"=0 (0x0)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSharedDocuments"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"SPTISRV"=3 (0x3)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"PACSPTISVR"=3 (0x3)
"usnjsvc"=3 (0x3)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc6ddb5c-d2fb-11db-ae72-0015f2c24858}]

*Newly Created Service* - NVSVC



-- Hosts -----------------------------------------------------------------------

64.29.209.117 www.answers.com


-- End of Deckard's System Scanner: finished at 2007-12-07 10:33:03 ------------
Panzer16 is offline  
Old 12-06-2007, 09:40 PM   #14 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.40GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 1023.23 MiB / 659.63 MiB
Pagefile Memory (total/avail): 1696.86 MiB / 1433.06 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1931.5 MiB

A: is Removable (No Media)
C: is Fixed (FAT) - 2 GiB total, 0.55 GiB free.
D: is Fixed (FAT32) - 9.46 GiB total, 0.73 GiB free.
E: is Fixed (FAT32) - 2 GiB total, 0.26 GiB free.
F: is Fixed (FAT32) - 9.26 GiB total, 0.67 GiB free.
G: is Fixed (FAT32) - 9.26 GiB total, 2.42 GiB free.
H: is Fixed (FAT32) - 9.25 GiB total, 0.19 GiB free.
I: is CDROM (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST340014A - 37.27 GiB - 4 partitions
\PARTITION0 (bootable) - Unknown - 9.47 GiB - D:
\PARTITION1 - Extended w/Extended Int 13 - 27.8 GiB - F: - G: - H:

\\.\PHYSICALDRIVE1 - ST34321A - 4.01 GiB - 2 partitions
\PARTITION0 (bootable) - MS-DOS V4 Huge - 2047.32 MiB - C:
\PARTITION1 - Extended Partition - 2047.35 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntivirusOverride is set.

FW: ZoneAlarm Pro Firewall v7.0.462.000 (Check Point, LTD.)
AV: AVG 7.5.503 v7.5.503 (Grisoft)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\\Program Files\\eMule\\eMule.exe"="F:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"H:\\stuff\\softwares\\utorrent.exe"="H:\\stuff\\softwares\\utorrent.exe:*:Enabled:µTorrent"
"F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="F:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"F:\\Program Files\\mIRC\\mirc.exe"="F:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"F:\\Program Files\\Google\\Google Talk\\googletalk.exe"="F:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\cs\\hl.exe"="D:\\cs\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"="F:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"F:\\Program Files\\Trillian Pro\\trillian.exe"="F:\\Program Files\\Trillian Pro\\trillian.exe:*:Enabled:Trillian"
"G:\\Completed torrents\\Utorrent 1.6.(474) + Optimal Settings + Sp2 Patch By Odiliada\\Utorrent 1.6.474.exe"="G:\\Completed torrents\\Utorrent 1.6.(474) + Optimal Settings + Sp2 Patch By Odiliada\\Utorrent 1.6.474.exe:*:Enabled:µTorrent"
"F:\\cs 1.6\\hl.exe"="F:\\cs 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"F:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="F:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="F:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="F:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"F:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="F:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"F:\\Documents and Settings\\Administrator\\Program Files\\uTorrent\\uTorrent.exe"="F:\\Documents and Settings\\Administrator\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"F:\\WINDOWS\\System32\\dpnsvr.exe"="F:\\WINDOWS\\System32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"F:\\WINDOWS\\System32\\dxdiag.exe"="F:\\WINDOWS\\System32\\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"F:\\WINDOWS\\System32\\dpvsetup.exe"="F:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="F:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"F:\\mIRC\\mirc.exe"="F:\\mIRC\\mirc.exe:*:Enabled:mIRC"
"H:\\age\\Age Of Empire-II The Conquerors\\empires2.exe"="H:\\age\\Age Of Empire-II The Conquerors\\empires2.exe:*:Enabled:Age of Empires II"
"F:\\Program Files\\Gizmo Project\\mDNSResponder.exe"="F:\\Program Files\\Gizmo Project\\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="F:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="F:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="F:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\Program Files\\Skype\\Phone\\Skype.exe"="F:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=F:\Documents and Settings\All Users
APPDATA=F:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=F:\Program Files\Common Files
COMPUTERNAME=UDAY
ComSpec=F:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=F:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\UDAY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\system32\WBEM;F:\WINDOWS\system32;F:\WINDOWS;F:\WINDOWS\System32\Wbem;F:\WINDOWS\system32\WindowsPowerShell\v1.0
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=F:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=F:
SystemRoot=F:\WINDOWS
TEMP=F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=F:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=UDAY
USERNAME=Administrator
USERPROFILE=F:\Documents and Settings\Administrator
windir=F:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mudz (new local, admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> F:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SETUP.EXE" -l0x9
--> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
µTorrent --> "F:\Documents and Settings\Administrator\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Ad-Aware SE Professional --> F:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE F:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> F:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> F:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> F:\WINDOWS\system32\MACROMED\SHOCKW~2\UNWISE.EXE F:\WINDOWS\system32\MACROMED\SHOCKW~2\INSTALL.LOG
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
ASUS Probe V2.23.02 --> F:\WINDOWS\uninst.exe -ff:\AsusTC\DeIsL1.isu -c"f:\AsusTC\probunis.dll"
ASUSDVD --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
AsusUpdate --> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\ASUS\AsusUpdate\Uninst.isu"
AusLogics BoostSpeed --> "F:\Program Files\AusLogics BoostSpeed\unins000.exe"
AusLogics Disk Defrag --> "F:\Program Files\AusLogics Disk Defrag\unins000.exe"
AVG 7.5 --> F:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
Babylon Toolbar --> MsiExec.exe /I{67A339E5-D8AA-4E88-9278-A571B397F798}
Calculator Powertoy for Windows XP --> MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
Camfrog Video Chat 3.92 (remove only) --> "F:\Program Files\Camfrog\Camfrog Video Chat\uninstall.exe"
CASHFLOW® THE E-GAME --> D:\PROGRA~1\CASHFLOW\UNWISE.EXE D:\PROGRA~1\CASHFLOW\INSTALL.LOG
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
CopyProfile --> MsiExec.exe /I{9A9ED54A-0FAB-4D34-A3B9-F6C659E1F898}
DivX Codec --> F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> F:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> F:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP) --> F:\PROGRA~1\DAP\DAPREMOVE.EXE
EA SPORTS(TM) Cricket 07 --> g:\EA SPORTS\EA SPORTS(TM) Cricket 07\EAUninstall.exe
eMule Plus 1.2a --> "F:\Program Files\eMule\unins000.exe"
FileSpecs extension for Ad-aware 6 --> F:\PROGRA~1\ADAWAR~1\FILESP~1\UNWISE.EXE F:\PROGRA~1\ADAWAR~1\FILESP~1\INSTALL.LOG
free-downloads.net Toolbar --> F:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE F:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Talk (remove only) --> "F:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Video Player --> "F:\Program Files\Google\Google Video Player\Uninstall.exe"
HexDump extension for Ad-aware 6 --> F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\HEXDUM~1\UNWISE.EXE F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\HEXDUM~1\INSTALL.LOG
HexDump plug-in for Ad-Aware SE --> F:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\hexdump\UNWISE.EXE F:\PROGRA~1\LAVASOFT\AD-AWA~1\PLUGINS\hexdump\INSTALL.LOG
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 1.99.1 --> G:\Completed torrents\HijackThis.exe /uninstall
Hotfix for MSXML 2 (KB887606) --> "F:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
HTML Slideshow Powertoy for Windows XP --> MsiExec.exe /I{4E475FD4-4513-4B1D-8DDA-43912B068C99}
iDailyDiary 2.11 --> "F:\Program Files\iDailyDiary\unins000.exe"
ieSpell --> "F:\Program Files\ieSpell\uninst.exe"
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel Application Accelerator --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) 537EP Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP Modem"
IrfanView (remove only) --> F:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> F:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
LF-CAM100K --> F:\WINDOWS\pcamr800.exe
LSP Explorer Pluginfor Ad-aware 6 --> F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\LSPEXP~1\UNWISE.EXE F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\LSPEXP~1\INSTALL.LOG
MagicDisc 2.5.74 --> F:\PROGRA~1\MAGICD~1\UNWISE.EXE F:\PROGRA~1\MAGICD~1\INSTALL.LOG
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Messenger Control Plugin for Ad-aware --> F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\MESSEN~1\UNWISE.EXE F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\MESSEN~1\INSTALL.LOG
Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
mIRC --> F:\Program Files\mIRC\uninstall.exe _?=F:\Program Files\mIRC
Mozilla Firefox (2.0.0.11) --> F:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Encarta Right-Click Dictionary --> MsiExec.exe /I{39A7E646-D7D1-4855-833A-2DEAC9ABD5ED}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Mustek 1200 UB Plus v2.0 --> F:\PROGRA~1\MUSTEK~1\DRIVER\UNINST.EXE
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe F:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OE Messenger Plugin for Ad-aware --> F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\OEWMES~1\UNWISE.EXE F:\PROGRA~1\LAVASOFT\AD-AWA~2\PLUGINS\OEWMES~1\INSTALL.LOG
OpenMG Limited Patch 4.0-04-08-02-01 --> F:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.00 --> F:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
PC-CAM Center --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{D43F13A1-1E39-4BD4-9682-DF889FE75421}\SETUP.EXE" -l0x9 /remove
PC Wizard 2008.1.81 --> "F:\Program Files\PC Wizard 2008\unins000.exe"
QuickTime --> F:\WINDOWS\unvise32qt.exe F:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer --> F:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Registry Mechanic 6.0 --> "F:\Program Files\Registry Mechanic2\unins000.exe"
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Security Update for Step By Step Interactive Training (KB898458) --> "F:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Shockwave --> F:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE F:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
SiS 900 PCI Fast Ethernet Adapter Driver --> F:\Progra~1\SiSLan\Uninst.exe
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slideshow Generator Powertoy for Windows XP --> MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
SonicStage 2.1.00 --> RunDll32 F:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe" -l0x9 UNINSTALL
Sony Ericsson File Manager --> MsiExec.exe /X{60E5B847-2353-4AE3-829E-685937EDDC40}
SyncToy --> MsiExec.exe /I{E7887F0B-066C-4D26-AFD9-62B72CF24D9A}
The Weather Channel Desktop --> F:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Timershot Powertoy for Windows XP --> MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
TSP_CODEC --> F:\Program Files\Bytescribe\TSP_CODEC\Uninst.exe /pid:{A90C03D6-08E1-4C59-B93B-6919A6C0AC19} /asd
Ulead Photo Express 3.0 SE --> F:\WINDOWS\IsUninst.exe -f"F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\Uninst.isu" -c"F:\Program Files\Ulead Systems\Ulead Photo Express 3.0 SE\IS32Inst.dll"
Virtual Desktop Manager Powertoy for Windows XP --> MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Weather Services --> F:\WINDOWS\system32\control.exe F:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Winamp --> "F:\Program Files\Winamp\UninstWA.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{257E440F-781F-459B-9A68-A0872B80C1D6}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "F:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> F:\Program Files\WinRAR\uninstall.exe
WordBiz version 1.8 --> "F:\Program Files\WordBiz\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Messenger --> F:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U F:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm Pro --> C:\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type5239 / Error
Event Submitted/Written: 12/06/2007 09:10:49 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: Mutex Recovery Code - app released the mutex - back to normal operation.

Event Record #/Type5238 / Error
Event Submitted/Written: 12/06/2007 09:10:49 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: Mutex Recovery Code - after 5 seconds, mutex still stuck. NView (and Mutexes) are now disabled.

Event Record #/Type5237 / Error
Event Submitted/Written: 12/06/2007 09:10:49 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (thread 0x918) (cmdName:Explorer.EXE) WindowManager.cpp 3404

Event Record #/Type5236 / Error
Event Submitted/Written: 12/06/2007 09:10:49 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: WAIT_TIMEOUT, LAST SUCCESS: (tid: 0x918) (pid: 0x914)

Event Record #/Type5235 / Error
Event Submitted/Written: 12/06/2007 09:10:48 AM / 12/06/2007 09:10:49 AM
Event ID/Source: 1 / nview_info
Event Description:
NVIEW : Explorer: WAIT_TIMEOUT: (process 0x540) (thread 0xb34) (wait 0x4) (pwait 0x1)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7916 / Error
Event Submitted/Written: 12/07/2007 06:31:59 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1

Event Record #/Type7915 / Error
Event Submitted/Written: 12/07/2007 06:31:52 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The ClipBook service depends on the Network DDE service which failed to start because of the following error:
%%1058

Event Record #/Type7914 / Error
Event Submitted/Written: 12/07/2007 06:31:52 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The Creative PC-CAM 550 (Still) service failed to start due to the following error:
%%2

Event Record #/Type7898 / Error
Event Submitted/Written: 12/07/2007 06:22:17 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
kl1

Event Record #/Type7897 / Error
Event Submitted/Written: 12/07/2007 06:22:14 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The ClipBook service depends on the Network DDE service which failed to start because of the following error:
%%1058



-- End of Deckard's System Scanner: finished at 2007-12-07 10:33:03 ------------
Panzer16 is offline  
Old 12-08-2007, 04:05 PM   #15 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

Hi Panzer16,

Please delete the following file in RED:

F:\Program Files\DAP\Offers\VA21_DAPSO.exe


-------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (if they still exist; make sure you do not miss any):

R3 - Default URLSearchHook is missing

Please remember to close all other windows, including browsers, then click Fix checked.

--------------------------------------------------------------

Well done, your logs are clean! There are just a few more things I would like you to do.


Go to Start > Run - type ComboFix /u

Click OK

----------------------------------------------------------------

Reset Hidden/System Files and Folders
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Advanced settings box option select the following:
    - Hide extensions for known file types
    - Hide protected operating system files
    - Do not show hidden files and folders.
  • Click OK.

Reset System Restore

To turn off System Restore, click Start > Right Click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Clear Firefox Cookies
  • Click Tools -> Options
  • Click Privacy Tab
  • Click the "Show Cookies" button
  • Click the "Remove All Cookies" button, which is at the bottom of the window.
  • Click Close

Clear IE7 cookies
  • On the Internet Explorer 6 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
  • Double-click Internet Options to open Internet Properties.
  • Click Delete Files button.
  • Click Delete button across from Temporary Internet Files.
  • Click Yes.
  • Click Close.
  • Click Ok.

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Here is an installation guide -> http://www.techsupportforum.com/cont...ticles/63.html
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
  • SpywareGuard - real-time protection that detects and blocks spyware before it can execute.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls


Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles:

Please respond to this thread one more time so we can mark this thread as resolved.
__________________


Proud Member of ASAP
Proud Member of UNITE

Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support.

Donation link for Tech Support Forum
forhockey is offline  
Old 12-08-2007, 10:33 PM   #16 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Go to Start > Run - type ComboFix /u

Thanks but this command didn't work.

And why do you want me to hide files?
Panzer16 is offline  
Old 12-08-2007, 10:40 PM   #17 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

Sorry forgot to take that part out of my post. Ignore the ComboFix /u instructions.

It will only hide sensitive files which are located in your Windows/System32 folder, which is the best practice to have. It is your choice if you want to do that.

Regards,
forhockey is offline  
Old 12-08-2007, 10:47 PM   #18 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Ok, cool, bro. Thanks again. One last question but it's a bit unrelated. I have a 4 GB and a 40 GB hard disk. What would be the rps of these two?
Panzer16 is offline  
Old 12-08-2007, 11:01 PM   #19 (permalink)
Analyst, Security Team
 
forhockey's Avatar
 
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,640
OS: Windows XP Pro, Vista, Windows 7


Re: Please see my logs and tell me if there's a problem

You're welcome.

You would have to know the manufacturer of each hard drive, as each has different standards. The two hard drives are probably incredibly slow, as most hard drives these days get up to 7200 RPMs. You should ask the hardware team in the link below:

Hard Drive Support Forum

Safe Surfing.
forhockey is offline  
Old 12-08-2007, 11:05 PM   #20 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 33
OS: XP-Service pack two or above


Re: Please see my logs and tell me if there's a problem

Well, the brand name is Seagate. How can I know what rps they are?
Panzer16 is offline  
 





All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum