Old 12-04-2007, 05:30 AM   #1 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 3
OS: XP PRO SP2


just wanted to say thanks and..

Yesterday I went into a porn site and infected myself with some kind of trojan desktop hijacker (I know... I am stupid as hell rofl).
Anyway, I started to get random messages from the net... you know, haha, the usual ****. I used HijackThis, and after a shutdown and switching back on a few seconds later, it looked like the PC was fine and the hijacker toolbar had disappeared. So I left home for work and came back at night and... haha, what a surprise: my desktop had a new look with that red warning pic or whatever, and I had 3 new shortcuts on the desktop: "error cleaner", "shield protector" or something like that. And I also had 30 Explorer pages with alerts and very nice girls lol. So at that moment I understood that HijackThis and SUPERAntiSpyware didn't do it, and under heavy attack of random messages I surfed to your site and found the solution:
http://www.techsupportforum.com/secu...ereferral.html

So I wanted to say thanks a lot for this great help and knowledge... I appreciate your help. Also, is it OK, or do I need to clean more?
Right now the PC has been OK since the morning, and it's clean and runs great... no random messages and no toolbars, and I already switched off the PC and set the System Restore back.

The funny thing is that I used to give PC support and I am the one that attacked myself. I was about to format the PC, and your help saved me this long process :)
piki is offline  
Old 12-07-2007, 07:40 AM   #2 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,541
OS: xp


Re: just wanted to say thanks and..

Hi piki

Please go through this process:
Quote:
Please follow as many of the 5 steps as possible and then post the required logs in this thread.
http://www.techsupportforum.com/secu...sting-log.html
Also, in your next post, please let us know of any problems you may have following the 5 steps, and give an update on system behaviour.

You may wish to subscribe to this thread (thread tools > subscribe to this thread) so you are informed as soon as you receive a reply.
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  
Old 12-16-2007, 07:23 AM   #3 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 3
OS: XP PRO SP2


Re: just wanted to say thanks and..

Hi :)

Thanks for the reply. I followed the 5 steps, and again... since the first clean I made (cleaning instructions I found here), my PC works perfectly, but just to make sure, I went through these 5 steps and here are the logs:
*Just one little thing before: I have a big file that contains 600-700 viruses on my system. The folder name is "virus test", so do not panic when you see this folder name in the logs. It's a fake, and these virus files are meant to test anti-virus software, so again... it's not active :)

*Also attached is the log of the Panda malware free scan.

And now... to the logs:

Deckard's System Scanner v20071014.68
Run by Administrator on 2007-12-16 17:03:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2007-12-16 15:03:03 UTC - RP13 - Deckard's System Scanner Restore Point
12: 2007-12-16 14:36:31 UTC - RP12 - Software Distribution Service 3.0
11: 2007-12-15 18:19:22 UTC - RP11 - נקודת ביקורת של המערכת
10: 2007-12-14 18:07:58 UTC - RP10 - נקודת ביקורת של המערכת
9: 2007-12-13 17:58:15 UTC - RP9 - נקודת ביקורת של המערכת


-- First Restore Point --
1: 2007-12-04 11:27:32 UTC - RP1 - נקודת ביקורת של המערכת


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-12-16 17:04:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SoundMan.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\delttray.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrator\שולחן העבודה\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnceEx: [Flags] 8
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_03) - http://java.sun.com/update/1.6.0/jin...ws-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F59AB0C4-3443-4551-A78F-C101F9DE0215} (LauncherV1 Class) - http://irc.nana10.co.il/Cabs/launcher39.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{43017092-3744-4B62-BC31-6C0054E7C3E7}: NameServer = 192.116.202.222 213.8.172.83
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


--
End of file - 8554 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Administrator\שולחן העבודה\backups\) --------------------------------------------------------------------------------

backup-20071203-143530-148 O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
backup-20071203-153023-763 O3 - Toolbar: The voipwet - {0687766B-F048-43D1-B33B-DBE6FE9AE712} - C:\WINDOWS\voipwet.dll
backup-20071203-234420-227 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
backup-20071203-234559-919 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20071204-003539-507 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R1 Asapi - c:\windows\system32\drivers\asapi.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AMON - c:\windows\system32\drivers\amon.sys <Not Verified; Eset; NOD32 Antivirus System>
R2 Nsynas32 - c:\windows\system32\drivers\nsynas32.sys <Not Verified; Syncrosoft Hard- und Software GmbH; Internet Protection Hardware Driver>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 DELTA (Service for Delta Driver (WDM)) - c:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_08600000&REV_0900\4&20F56C7A&0&0201
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0880&SUBSYS_08600000&REV_0900\4&20F56C7A&0&0201
Service: IntcAzAudAddService


-- Files created between 2007-11-16 and 2007-12-16 -----------------------------

2007-12-16 16:12:45 0 d-------- C:\Program Files\SpywareBlaster
2007-12-16 08:57:26 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-12-16 08:57:24 0 d-------- C:\WINDOWS\LastGood
2007-12-14 07:45:49 0 d-------- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2007-12-14 07:44:48 0 d-------- C:\Documents and Settings\Administrator\Application Data\GameHouse
2007-12-14 07:44:32 0 d-------- C:\Program Files\GameHouse
2007-12-10 12:18:28 0 d-------- C:\Program Files\WallaChat
2007-12-10 10:31:13 0 d--h----- C:\WINDOWS\PIF
2007-12-08 13:45:57 171280 --a------ C:\WINDOWS\system32\jit.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:57 139536 --a------ C:\WINDOWS\system32\javaee.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:57 313856 --a------ C:\WINDOWS\system32\dx3j.dll <Not Verified; Microsoft Corporation; Microsoft DirectX for Java>
2007-12-08 13:45:57 46352 --a------ C:\WINDOWS\setdebug.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:57 6550 --a------ C:\WINDOWS\jautoexp.dat
2007-12-08 13:45:51 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-12-08 13:45:51 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-12-08 13:45:51 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:51 286992 --a------ C:\WINDOWS\system32\vmhelper.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:51 21264 --a------ C:\WINDOWS\system32\msjdbc10.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:50 945936 --a------ C:\WINDOWS\system32\msjava.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:50 154384 --a------ C:\WINDOWS\system32\msawt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:50 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:49 15120 --a------ C:\WINDOWS\system32\jdbgmgr.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:49 404752 --a------ C:\WINDOWS\system32\javart.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:49 63248 --a------ C:\WINDOWS\system32\javaprxy.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:49 187152 --a------ C:\WINDOWS\system32\javacypt.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:45:47 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2007-12-08 13:44:24 0 d-------- C:\Program Files\i2i Internet Solutions
2007-12-08 00:12:55 0 d-------- C:\Documents and Settings\Administrator\Application Data\WinRAR
2007-12-04 14:14:45 0 d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-04 13:08:04 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-12-04 01:19:37 2394 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-04 01:18:51 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2007-12-04 01:18:51 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2007-12-04 01:18:51 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2007-12-04 01:18:51 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2007-12-04 01:18:51 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-12-04 01:05:05 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-12-04 01:04:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 00:57:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\TrojanHunter
2007-12-03 23:39:22 0 d-------- C:\WINDOWS\CSC
2007-12-03 15:29:19 0 d-------- C:\Program Files\TrojanHunter 5.0
2007-12-03 14:49:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-03 14:49:38 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-03 14:49:38 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-12-03 14:49:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-01 20:21:13 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-11-27 23:29:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2007-11-27 17:45:56 14604 --a------ C:\WINDOWS\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
2007-11-27 16:29:42 0 d-------- C:\Program Files\PowerISO
2007-11-26 10:39:49 0 d-------- C:\Program Files\GStudio7
2007-11-26 10:39:11 0 d-------- C:\WINDOWS\Downloaded Installations
2007-11-26 00:11:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ulead Systems
2007-11-25 23:39:57 0 d-------- C:\Program Files\SmartSound Software
2007-11-25 23:39:57 0 d-------- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2007-11-25 23:38:04 0 d-------- C:\Program Files\Common Files\InterVideo
2007-11-25 23:37:59 0 d-------- C:\Documents and Settings\All Users\Application Data\InterVideo
2007-11-25 23:37:33 0 d-------- C:\Program Files\Windows Media Components
2007-11-25 23:36:44 0 d-------- C:\Program Files\Ulead Systems
2007-11-25 23:36:44 0 d-------- C:\Program Files\Common Files\Ulead Systems
2007-11-25 23:36:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-19 12:12:22 0 d-------- C:\Program Files\Jasc Software Inc
2007-11-19 12:12:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-11-18 01:46:37 0 d-------- C:\Program Files\Radish Works
2007-11-17 11:56:00 0 d-------- C:\Program Files\Amabilis
2007-11-17 10:30:58 2119539 --a------ C:\WINDOWS\LightWave 3D 9 Web Help Uninstaller.exe
2007-11-17 10:27:47 1228379 --a------ C:\WINDOWS\LightWave 3D 9 Uninstaller.exe
2007-11-17 10:27:22 0 d-------- C:\Program Files\NewTek


-- Find3M Report ---------------------------------------------------------------

2007-12-16 16:59:20 0 d-------- C:\Documents and Settings\Administrator\Application Data\Azureus
2007-12-16 16:59:02 0 d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2007-12-16 09:35:51 0 d-------- C:\Program Files\mIRC
2007-12-15 18:56:36 321 --a------ C:\WINDOWS\system32\tablet.dat
2007-12-11 1952 0 d-------- C:\Program Files\Windows Media Connect 2
2007-12-03 14:49:23 0 d-------- C:\Program Files\Common Files
2007-12-01 20:17:37 0 d-------- C:\Program Files\Common Files\Adobe
2007-11-30 01:55:52 467 --a------ C:\WINDOWS\system32\Datei9
2007-11-30 01:55:52 467 --a------ C:\WINDOWS\system32\Datei8
2007-11-30 01:55:52 469 --a------ C:\WINDOWS\system32\Datei7
2007-11-30 01:55:52 465 --a------ C:\WINDOWS\system32\Datei6
2007-11-30 01:55:52 469 --a------ C:\WINDOWS\system32\Datei5
2007-11-30 01:55:52 471 --a------ C:\WINDOWS\system32\Datei4
2007-11-30 01:55:52 470 --a------ C:\WINDOWS\system32\Datei3
2007-11-30 01:55:52 471 --a------ C:\WINDOWS\system32\Datei2
2007-11-30 01:55:52 467 --a------ C:\WINDOWS\system32\Datei10
2007-11-30 01:55:52 470 --a------ C:\WINDOWS\system32\Datei1
2007-11-30 01:55:52 468 --a------ C:\WINDOWS\system32\Datei0
2007-11-27 18:05:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-11-27 17:45:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-11-25 23:39:23 0 d-------- C:\Program Files\QuickTime
2007-11-01 15:17:07 0 d-------- C:\Program Files\Common Files\SWF Studio
2007-11-01 11:58:08 0 d-------- C:\Program Files\Toon Boom Animation
2007-10-23 13:24:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Steinberg
2007-10-23 13:21:33 0 d-------- C:\Program Files\Steinberg
2007-10-22 21:42:53 0 d-------- C:\Program Files\Syncrosoft
2007-10-22 21:18:41 0 d-------- C:\Program Files\Pinnacle
2007-10-22 20:16:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Cakewalk
2007-10-22 20:14:28 0 d-------- C:\Program Files\Cakewalk
2007-10-22 20:14:04 118784 --a------ C:\WINDOWS\dsdxirmv.exe
2007-10-21 17:35:37 0 d-------- C:\Program Files\Accessdiver
2007-10-21 09:02:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2007-10-21 08:58:35 0 d-------- C:\Program Files\VideoLAN
2007-10-20 12:04:37 0 d-------- C:\Program Files\VOB
2007-10-19 15:29:49 81920 --a------ C:\WINDOWS\ALCFDRTM.EXE <Not Verified; Realtek Semiconductor Corp.; Realtek ALCFDRTM>
2007-10-18 10:07:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-10-18 10:07:06 0 d-------- C:\Program Files\Common Files\Ahead
2007-10-18 10:05:43 0 d-------- C:\Program Files\Nero
2007-10-17 1637 0 d-------- C:\Program Files\DAEMON Tools
2007-10-17 13:56:06 0 d-------- C:\Program Files\Microsoft.NET
2007-10-17 11:43:41 0 d-------- C:\Program Files\M-Audio Delta
2007-10-17 11:34:47 0 d-------- C:\Program Files\Tablet
2007-10-17 11:23:31 0 d-------- C:\Documents and Settings\Administrator\Application Data\ScanSoft
2007-10-17 11:23:29 0 d-------- C:\Program Files\Common Files\ScanSoft Shared
2007-10-17 11:23:12 0 d-------- C:\Program Files\ScanSoft
2007-10-17 11:19:49 0 d-------- C:\Program Files\Canon
2007-10-17 11:13:43 0 d-------- C:\Program Files\Common Files\InstallShield
2007-10-16 15:30:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-10-16 15:29:02 0 d-------- C:\Program Files\Common Files\xing shared
2007-10-16 15:29:01 0 d-------- C:\Program Files\Real
2007-10-16 15:28:58 0 d-------- C:\Program Files\Common Files\Real
2007-10-16 15:19:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-10-16 13:10:03 0 d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2007-10-16 12:52:07 0 d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2007-10-16 12:02:12 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-10-14 22:34:20 274432 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
2007-10-14 22:25:30 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-10-14 20:57:21 247754 --a------ C:\WINDOWS\system32\perfh00d.dat
2007-10-14 20:57:21 39976 --a------ C:\WINDOWS\system32\perfc00d.dat
2007-10-14 20:49:36 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2007-10-14 20:36:00 0 -rahs---- C:\MSDOS.SYS
2007-10-14 20:36:00 0 -rahs---- C:\IO.SYS
2007-10-14 20:36:00 0 --a------ C:\CONFIG.SYS
2007-10-14 20:36:00 0 --a------ C:\AUTOEXEC.BAT
2007-10-14 20:32:24 22160 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-09-17 01:07:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
2007-09-17 01:07:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2007-09-17 01:07:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2007-09-17 01:07:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2007-09-17 01:07:00 1478656 --a------ C:\WINDOWS\system32\nview.dll
2007-09-17 01:07:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2007-09-17 01:07:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2007-09-17 01:07:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [01/07/2005 05:07 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMan"="SOUNDMAN.EXE" [07/21/2006 04:14 PM C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [05/04/2006 04:26 PM C:\WINDOWS\alcwzrd.exe]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [05/31/2006 02:13 AM]
"nwiz"="nwiz.exe" [09/17/2007 01:07 AM C:\WINDOWS\system32\nwiz.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/16/2007 03:28 PM]
"DeltTray"="DeltTray.exe" [08/26/2004 10:43 PM C:\WINDOWS\system32\delttray.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/17/2007 01:07 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 11:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/01/2006 03:57 PM]

C:\Documents and Settings\All Users\š šŒ\šš\Œ\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [17/10/2007 11:34:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^Adobe Acrobat Synchronizer.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\Adobe Acrobat Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
"C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pwnage_deluxe]
C:\WINDOWS\system32\ICQ_Lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

*Newly Created Service* - RKPAVPROC



-- End of Deckard's System Scanner: finished at 2007-12-16 17:05:24 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (040d) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 26%
Physical Memory (total/avail): 2046.73 MiB / 1506.58 MiB
Pagefile Memory (total/avail): 3942.71 MiB / 3602.79 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1921.79 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 9.73 GiB free.
D: is Fixed (NTFS) - 149.05 GiB total, 15.37 GiB free.
E: is Fixed (NTFS) - 82.49 GiB total, 10.46 GiB free.
F: is Fixed (NTFS) - 74.52 GiB total, 14.45 GiB free.
G: is CDROM (No Media)
H: is Fixed (NTFS) - 74.53 GiB total, 15.66 GiB free.
I: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3120026AS - 111.79 GiB - 2 partitions
\PARTITION0 (bootable) - מערכת קבצים ניתנת להתקנה - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 82.49 GiB - E:

\\.\PHYSICALDRIVE2 - ST3160815AS - 149.05 GiB - 1 partition
\PARTITION0 - מערכת קבצים ניתנת להתקנה - 149.05 GiB - D:

\\.\PHYSICALDRIVE3 - ST380817AS - 74.53 GiB - 1 partition
\PARTITION0 - מנהל דיסק לוגי - 74.53 GiB - H:

\\.\PHYSICALDRIVE1 - WDC WD800JD-00HKA0 - 74.53 GiB - 1 partition
\PARTITION0 - Extended w/Extended Int 13 - 74.52 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
UpdatesDisableNotify is set.

AV: Eset NOD32 antivirus system 2.51 v2.51 (Eset)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\desk top folders befor format\\progies\\utorrent.exe"="D:\\desk top folders befor format\\progies\\utorrent.exe:*:Enabled:Torrent"
"E:\\programs\\eMule_Flux_v0[1].47c_CHD_0706\\emule.exe"="E:\\programs\\eMule_Flux_v0[1].47c_CHD_0706\\emule.exe:*:Enabled:eMule"
"E:\\programs\\BitTornado\\btdownloadgui.exe"="E:\\programs\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"E:\\programs\\Azureus\\Azureus\\Azureus.exe"="E:\\programs\\Azureus\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"E:\\programs\\ABC\\abc.exe"="E:\\programs\\ABC\\abc.exe:*:Enabled:abc"
"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\\games\\WORMS MAYAM\\WORMS 4 MAYHEM.EXE"="H:\\games\\WORMS MAYAM\\WORMS 4 MAYHEM.EXE:*:Disabled:Worms 4 Mayhem"
"C:\\Documents and Settings\\Administrator\\שולחן העבודה\\desk top folders befor format\\sdc203\\StrongDC.exe"="C:\\Documents and Settings\\Administrator\\שולחן העבודה\\desk top folders befor format\\sdc203\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Documents and Settings\\Administrator\\שולחן העבודה\\desk top folders befor format\\sdc203\\sdc203\\StrongDC.exe"="C:\\Documents and Settings\\Administrator\\שולחן העבודה\\desk top folders befor format\\sdc203\\sdc203\\StrongDC.exe:*:Enabled:StrongDC++"
"C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\hub.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\hub.exe:*:Enabled:hub"
"C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\lightwav.exe"="C:\\Program Files\\NewTek\\LightWave 3D 9\\Programs\\lightwav.exe:*:Enabled:lightwav"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CROW2004
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\CROW2004
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=CROW2004
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
עדכון עבור Windows XP (KB898461)‎ --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
3D Canvas --> MsiExec.exe /I{B4E9C7FF-2E85-4FDF-AC78-3D2DC7EF278E}
3D Canvas Upgrade --> MsiExec.exe /I{892E1BF8-A1CD-4825-8AF1-1B73CB387692}
AccessDiver v4.402 --> "C:\Program Files\Accessdiver\unins000.exe"
Adobe Acrobat 8 Professional - English, Franחais, Deutsch --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
ASAPI Update --> C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
Azureus --> E:\programs\Azureus\Azureus\Uninstall.exe
Cakewalk VST Adapter 4 --> C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
Canon MP Drivers 7.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D335AC77-6F59-46D6-9082-F74A9F7E0FC3}\Setup.exe" -l0x9 -Uninstall
Canon MP Navigator 1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8653730A-683D-4C42-BB18-6471291D5DEA}\setup.exe" /SUUninstall
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\setup.exe" -l0x9 anything
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini
Delta --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9
DreamStation DXi2 --> C:\WINDOWS\DSDXIRMV.EXE C:\PROGRAM FILES\CAKEWALK\SHARED DXI\AUDIO SIMULATION\DREAMSTATION DXI2
Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
GameStudio / A7 --> MsiExec.exe /X{9E254561-0F60-4BA0-9276-ECAB61A6F11D}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Documents and Settings\Administrator\שולחן העבודה\HijackThis.exe /uninstall
Intel(R) PRO Network Connections 11.2.0.69 --> MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Jasc Paint Shop Pro 8 --> MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
K-Lite Codec Pack 3.4.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LightWave 3D 9 --> C:\WINDOWS\LightWave 3D 9 Uninstaller.exe
LightWave 3D 9 Web Help --> C:\WINDOWS\LightWave 3D 9 Web Help Uninstaller.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Multimedia Fusion 2 --> C:\Program Files\Multimedia Fusion 2\UninstMMF2.exe
Nero 7 Premium --> MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Radish Works Cosmos Creator --> MsiExec.exe /I{5A36B6A8-6AAD-43BA-A99A-8BEC51AC743D}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SONAR 4 Producer Edition --> C:\PROGRA~1\Cakewalk\SONAR4~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\SONAR4~1\INSTALL.LOG
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steinberg Cubase SX 3 --> "C:\Program Files\Steinberg\Cubase SX 3\Uninstall.exe" "C:\Program Files\Steinberg\Cubase SX 3\install.log"
Steinberg Cubase SX v2.2.0.33 --> C:\PROGRA~1\STEINB~1\CUBASE~2\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~2\INSTALL.LOG
Steinberg Cubase SX v3.1.1.944 --> C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
Steinberg WaveLab 5.01b --> C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Svetlograd --> C:\PROGRA~1\GAMEHO~1\SVETLO~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SVETLO~1\INSTALL.LOG
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Tablet --> C:\Program Files\Tablet\Remove.exe /u
Toon Boom Studio 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62616A4E-82E4-424A-A201-3D29ABB6B7FD}\setup.exe" -l0x9 UNINSTALL -removeonly
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type581 / Warning
Event Submitted/Written: 12/15/2007 07:00:36 PM
Event ID/Source: 60 / WinMgmt
Event Description:
‏‏ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001

Event Record #/Type572 / Warning
Event Submitted/Written: 12/13/2007 02:52:25 PM
Event ID/Source: 60 / WinMgmt
Event Description:
‏‏ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001

Event Record #/Type562 / Warning
Event Submitted/Written: 12/09/2007 05:43:38 PM
Event ID/Source: 60 / WinMgmt
Event Description:
‏‏ל- WMI ADAP לא היתה אפשרות לעבד את ספריות הביצועים: 0x80041001

Event Record #/Type553 / Error
Event Submitted/Written: 12/08/2007 07:44:30 PM
Event ID/Source: 1002 / Application Hang
Event Description:
‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 6.0.2900.2180, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

Event Record #/Type552 / Error
Event Submitted/Written: 12/08/2007 07:44:28 PM
Event ID/Source: 1002 / Application Hang
Event Description:
‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 6.0.2900.2180, מודול חוסר תגובה hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4150 / Warning
Event Submitted/Written: 12/16/2007 08:36:25 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type4030 / Warning
Event Submitted/Written: 12/15/2007 01:34:15 PM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type4029 / Warning
Event Submitted/Written: 12/15/2007 03:03:56 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type4028 / Warning
Event Submitted/Written: 12/15/2007 03:03:46 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.

Event Record #/Type4027 / Warning
Event Submitted/Written: 12/15/2007 03:03:38 AM
Event ID/Source: 3019 / MRxSmb
Event Description:
The redirector failed to determine the connection type.



-- End of Deckard's System Scanner: finished at 2007-12-16 17:05:24 ------------
Attached Files
File Type: txt Activescan panda report.txt (271.0 KB, 2 views)
piki is offline  
Old 12-16-2007, 11:41 AM   #4 (permalink)
Expert Analyst, Moderator, Security Team
 
Join Date: Sep 2006
Posts: 1,541
OS: xp


Re: just wanted to say thanks and..

I see you recently ran SmitfraudFix, good you did. Delete it; if it is ever needed again you would have to re-download it.
Looking OK except for your cracks and keygens.
In my opinion none are safe.

Virus:Generic Trojan Not disinfected F:\bin-cue\game maker 7 with crack.rar[Crack\GM70_DrXJ.exe][DrXJ.exe]
etc etc etc etc
__________________


Our help is voluntary. But this site needs donations to operate.
LonnyRJones is offline  
Old 12-17-2007, 02:16 AM   #5 (permalink)
Registered User
 
Join Date: Dec 2007
Posts: 3
OS: XP PRO SP2


Re: just wanted to say thanks and..

ok cool:)

thanks again.
piki is offline  