
Firefox.exe process always open [RESOLVED]



#1
global_warning
Member, 55 posts
I've noticed some very strange behavior in relation to the firefox.exe process, which is open in the Task Manager even when I haven't actually opened Firefox or am not using it.

These are some of the occurrences:
# firefox.exe automatically loads on Windows boot up.
# Windows Task Manager's Processes tab shows 2 or more copies of firefox.exe.
# firefox.exe persists in Task Manager's Processes tab after Firefox is closed down normally from within the browser.
# firefox.exe persists in Task Manager's Processes tab after its process is manually killed via "End Task".

I have an idea that it's some kind of trojan after googling the problem a bit, but I'm still not sure how to go about removing it.

Would appreciate some help.

#2
Ltangelic
Angel Annihilator of Malware, Retired Staff, 2,008 posts
Hey global_warning,

Welcome to GeekstoGo! I'm Ltangelic and I'll be helping you fix your computer problem.

Take note that I'm still in training, and my posts will have to be checked by an expert. This may cause delays in between my responses, so I ask for your patience. Please stick with me until we get your computer cleaned up, or it will be a wasted effort on both sides. :)

Please do the following as a start:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


#3
global_warning
Topic Starter, Member, 55 posts
OK, here's the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:15 PM, on 7/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\WinDriveGuard\DriveGuard.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\WINXP\System32\ups.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINXP\system32\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\dapbho.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - E:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [System Drives Protector] "C:\Program Files\WinDriveGuard\DriveGuard.exe" -run 
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-776561741-484061587-839522115-1003\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'RCMISHRA')
O4 - HKUS\S-1-5-21-776561741-484061587-839522115-1003\..\Run: [{1EC04D97-5F10-DD1B-0306-020403060503}] C:\Documents and Settings\RCMISHRA\Application Data\RSecSystem.exe (User 'RCMISHRA')
O4 - HKUS\S-1-5-21-776561741-484061587-839522115-1003\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'RCMISHRA')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Webshots Photo Search - res://E:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12172 bytes

Tell me if you need anything else.
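As an added example (not from the thread and not HijackThis code), here is a small Python triage pass over a handful of lines copied from the log above. The flagging rules are this example's own defender heuristics, so a hit only marks an entry for a closer look, not as confirmed malware.

```python
import re

# Sample lines copied from the HijackThis log posted above (the OP's machine).
# The flagging rules are this example's own triage heuristics, not HijackThis
# logic; a hit means "look at this entry more closely", not "this is malware".
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Policies\Explorer\Run: [System Drives Protector] "C:\Program Files\WinDriveGuard\DriveGuard.exe" -run
O4 - HKUS\S-1-5-21-776561741-484061587-839522115-1003\..\Run: [{1EC04D97-5F10-DD1B-0306-020403060503}] C:\Documents and Settings\RCMISHRA\Application Data\RSecSystem.exe (User 'RCMISHRA')
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# O4 autostart lines from a registry Run key: "O4 - <key>: [<value name>] <command>"
O4_KEY_RE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O4 lines from a Startup folder: "O4 - <folder>: <target>"
O4_STARTUP_RE = re.compile(r"^O4 - (?P<loc>.+?): (?P<cmd>.*)$")
# A bare {GUID} used as a Run value name (legitimate software normally uses a product name)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Anything that looks like a drive-rooted Windows path
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


def triage_line(line: str) -> list[str]:
    """Return the reasons a log line deserves a closer look; [] means unremarkable."""
    reasons: list[str] = []
    # Orphaned registration: the component is still registered but its file is gone
    # (the kind of entry the helper had fixed with "Fix checked").
    if "(no file)" in line or "(file missing)" in line:
        reasons.append("registered component whose file no longer exists")
    m = O4_KEY_RE.match(line)
    if m:
        loc, name, cmd = m["loc"].lower(), m["name"], m["cmd"].lower()
        if GUID_RE.match(name):
            reasons.append("Run value named with a bare GUID instead of a product name")
        if "application data" in cmd or "local settings" in cmd:
            reasons.append("autostart executable lives in a user profile data folder")
        if "policies\\explorer\\run" in loc:
            reasons.append("autostart registered under Policies\\Explorer\\Run, an uncommon location")
    else:
        m = O4_STARTUP_RE.match(line)
        if m and not DRIVE_PATH_RE.search(m["cmd"]):
            reasons.append("Startup folder entry with no resolvable full path")
    return reasons


def triage_log(text: str) -> list[tuple[str, list[str]]]:
    """Run triage_line over every non-empty line and return only the flagged ones."""
    flagged = []
    for line in text.strip().splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```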

#4
Ltangelic
Angel Annihilator of Malware, Retired Staff, 2,008 posts
Hey global_warning,

From your log, you seem to have multiple resident anti-virus and anti-spyware programs running. This is not recommended, as multiple protection of the same kind can cause conflicts and reduce the efficiency of the software. I would recommend that you uninstall AVG7 (as you already have Symantec) and uninstall Ad-Aware 2007 (keep Spybot S&D).

Your logs are not too bad, but we need to run a scanner to dig deeper. :)

Please go to Add or Remove Programs and uninstall the following:

WinDriveGuard

Reboot your computer.

Please follow my instructions in the order they were given, and print out a copy of them, as you may not have access to the forums during the fix.

1) Update Java

Your Java is out of date. Old versions of Java have vulnerabilities that can compromise your computer, so please do the following:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
2) Run ATF Cleaner to clean up temporary files

Please download ATF Cleaner by Atribune.
This program is for Windows 98/ME/2K/XP and Vista.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3) Remove entry with HijackThis

Please re-open HijackThis and Do a System Scan only. Put a check next to the entry below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

4) Run Deckard's System Scanner

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad windows, main.txt and extra.txt; please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


Next reply (please include):

DSS scan log

#5
global_warning
Topic Starter, Member, 55 posts
OK, first of all I didn't find WinDriveGuard in the list of programs in Add/Remove Programs, but I did find a folder called WinDriveGuard in C:\Program Files\, so I deleted it.

Next:

1) I updated Java and removed the older versions.

2) I downloaded and ran the ATF Cleaner, with the only exception that I chose not to remove the history, saved form info and saved passwords in the Firefox tab, as I really use all those.

3) There was no problem removing the entry with HijackThis.

4) I downloaded DSS, but my computer hung when I ran it for the first time, so I had to manually reboot it. After rebooting the scan ran fine though, and here's the log file:

Deckard's System Scanner v20071014.68
Run by MAULIK on 2008-07-21 20:55:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------



-- Last 1 Restore Point(s) --
1: 2008-07-21 15:17:34 UTC - RP438 - Deckard's System Scanner Restore Point


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 0.66 GiB (less than 15%) free.


-- HijackThis (run as MAULIK.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:20 PM, on 7/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINXP\System32\ups.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINXP\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MAULIK\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MAULIK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - E:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [System Drives Protector] "C:\Program Files\WinDriveGuard\DriveGuard.exe" -run 
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Webshots Photo Search - res://E:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11591 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080721-203959-868 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BootScreen - c:\winxp\\systemroot\system32\drivers\vidstub.sys (file missing)
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\winxp\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\winxp\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 VClone - c:\winxp\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\winxp\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\winxp\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 enodpl - c:\winxp\system32\drivers\enodpl.sys
R2 tandpl - c:\winxp\system32\drivers\tandpl.sys
R3 ElbyDelay - c:\winxp\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>

S0 aabhor - c:\winxp\system32\drivers\aabhor.sys (file missing)
S0 ar29 - c:\winxp\system32\drivers\ar29.sys (file missing)
S0 kygnk7 - c:\winxp\system32\drivers\kygnk7.sys (file missing)
S0 ohgscoxa - c:\winxp\system32\drivers\ookkffls.sys (file missing)
S0 viyubhcu - c:\winxp\system32\drivers\alksicsn.sys (file missing)
S1 abhcop - c:\winxp\system32\drivers\abhcop.sys (file missing)
S1 hcalway - c:\winxp\system32\drivers\hcalway.sys (file missing)
S1 pefmr9m - c:\winxp\system32\drivers\pefmr9m.sys (file missing)
S1 zyi - c:\winxp\system32\drivers\zyi.sys (file missing)
S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\winxp\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\winxp\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\winxp\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\winxp\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\winxp\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-21 20:50:06 440 --a------ C:\WINXP\Tasks\RegCure Program Check.job
2008-07-20 16:47:56 284 --a------ C:\WINXP\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-21 and 2008-07-21 -----------------------------

2022-12-28 22:42:32 0 d-------- C:\Documents And Settings
2022-12-28 19:28:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2022-12-23 19:25:44 0 d-------- C:\Program Files\Common Files\Adobe
2022-12-23 19:14:08 0 d-------- C:\Program Files\Web Publish
2022-12-23 19:13:18 0 d-------- C:\Program Files\Microsoft FrontPage
2022-12-23 19:12:24 0 d-------- C:\Program Files\Common Files\ODBC
2022-12-23 19:06:32 0 d-------- C:\Program Files\Common Files\Real
2022-12-23 19:00:02 0 d-------- C:\Program Files\Symantec
2022-12-23 19:00:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2022-12-23 18:20:04 0 d-------- C:\Program Files\ACDSee32
2022-12-23 18:13:34 0 d--hs---- C:\RECYCLED
2022-12-23 18:06:50 0 d-------- C:\Program Files\Roxio
2022-12-23 18:06:44 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2022-12-23 18:06:35 0 d-------- C:\Program Files\Common Files\InstallShield
2022-12-23 17:58:25 22 --a------ C:\AUTOEXEC.BAT
2022-12-23 17:53:20 0 d-------- C:\Program Files\SiS_Compatible_VGA_V2.07k
2008-07-20 22:24:17 0 d-------- C:\Program Files\Trend Micro
2008-07-20 16:50:29 0 d-------- C:\Program Files\iTunes
2008-07-20 16:49:53 0 d-------- C:\Program Files\Bonjour
2008-07-20 16:48:32 0 d-------- C:\Program Files\QuickTime
2008-07-20 16:47:45 0 d-------- C:\Program Files\Apple Software Update
2008-07-20 12:19:19 0 dr-h----- C:\Documents and Settings\MAULIK\Recent
2008-07-09 21:38:06 9736 --a------ C:\Documents and Settings\RCMISHRA\Application Data\RSecSystem.exe
2008-07-09 21:19:50 0 d--hs---- C:\FOUND.001
2008-07-06 10:02:26 0 d--hs---- C:\FOUND.000
2008-06-26 16:20:24 0 d--hs---- C:\FOUND.040
2008-06-24 15:43:06 0 d--hs---- C:\FOUND.039
2008-06-21 20:19:52 0 d--hs---- C:\FOUND.038


-- Find3M Report ---------------------------------------------------------------

2022-12-22 23:07:42 49152 ---hs---- C:\VIDEOROM.BIN
2022-12-22 23:06:14 11079 ---h----- C:\Program Files\folder.htt
2022-12-22 23:06:14 266 ---hs---- C:\Program Files\desktop.ini
2022-12-22 23:04:38 1685 -r-hs---- C:\MSDOS.SYS
2022-12-22 22:59:22 8501 ---hs---- C:\SUHDLOG.DAT
2022-12-22 22:56:14 0 d-------- C:\Program Files\PLUS!
2022-12-22 22:56:12 0 dr------- C:\Program Files\Common Files
2022-12-22 22:56:12 0 dr------- C:\Program Files\Accessories
2008-06-10 21:47:10 0 d-------- C:\Documents and Settings\MAULIK\Application Data\vlc
2008-06-10 21:46:22 0 d-------- C:\Program Files\VideoLAN
2008-06-07 11:15:44 0 d-------- C:\Program Files\gAlwaysIdle
2008-06-03 16:36:24 126976 --a------ C:\zip.exe
2008-06-03 16:36:24 1078 --a------ C:\ubtbuvkq.bat
2008-05-25 17:50:40 2542 --a------ C:\WINXP\unins000.dat
2008-05-25 17:47:08 691545 --a------ C:\WINXP\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/30/2005 08:21 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 04:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 03:18 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [05/16/2006 11:58 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/16/2007 05:41 PM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 06:51 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/19/2007 01:33 PM]
"SiSPower"="SiSPower.dll" [03/09/2006 03:04 AM C:\WINXP\system32\SiSPower.dll]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [06/09/2006 01:11 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:29 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 02:52 AM]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [01/08/2008 02:05 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/03/2008 02:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/09/2008 01:30 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [05/31/2006 04:00 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/03/2004 07:56 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents And Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/9/2003 6:11:12 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"System Drives Protector"="C:\Program Files\WinDriveGuard\DriveGuard.exe" -run 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINXP\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINXP\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoveSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
C:\WINXP\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINXP\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchNet_Up]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Remote Log"=2 (0x2)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb0180a-dd8e-11da-8ab1-000d87406a90}]
AutoRun\command- I:\System\DriveGuard\DriveProtect.exe -run 
Explore\Command- I:\System\DriveGuard\DriveProtect.exe -run  
Open\Command- I:\System\DriveGuard\DriveProtect.exe -run 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846bf066-5c1a-11dc-8f75-000d87406a90}]
AutoRun\command- I:\System\DriveGuard\DriveProtect.exe -run 
Explore\Command- I:\System\DriveGuard\DriveProtect.exe -run  
Open\Command- I:\System\DriveGuard\DriveProtect.exe -run 


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]
C:\WINXP\system32\SecSystem.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8833 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-21 20:58:11 ------------

Edited to add the extra.txt log file*

Here it is:-

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.50GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 447.48 MiB / 114.5 MiB
Pagefile Memory (total/avail): 1055.1 MiB / 656.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.52 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 12.1 GiB total, 0.66 GiB free.
D: is Fixed (FAT32) - 12.1 GiB total, 1.68 GiB free.
E: is Fixed (FAT32) - 13.03 GiB total, 1.84 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400EB-11CPF0 - 37.27 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 12.11 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 25.16 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.446 v7.5.446 (GRISOFT)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\Valve\\Condition Zero\\czero.exe"="E:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"C:\\Metal\\fakk2.exe"="C:\\Metal\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"C:\\Documents And Settings\\MAULIK\\Local Settings\\Temp\\~os1B.tmp\\ossproxy.exe"="C:\\Documents And Settings\\MAULIK\\Local Settings\\Temp\\~os1B.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"E:\\New Folder\\LimeWire\\LimeWire.exe"="E:\\New Folder\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"="E:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe:*:Enabled:lf2"
"D:\\Age Of Empire-II The Conquerors\\empires2.exe"="D:\\Age Of Empire-II The Conquerors\\empires2.exe:*:Enabled:Age of Empires II"
"D:\\Age Of Empire-II\\empires2.exe"="D:\\Age Of Empire-II\\empires2.exe:*:Enabled:Age of Empires II"
"E:\\Program Files\\DAP\\DAP.exe"="E:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\\Aoe-r2r\\EMPIRESX.EXE"="D:\\Aoe-r2r\\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"D:\\Age Of Empire-II Age of kings\\empires2.exe"="D:\\Age Of Empire-II Age of kings\\empires2.exe:*:Enabled:Age of Empires II"
"D:\\Age Of Empire-II Age of kings\\age2_x1.exe"="D:\\Age Of Empire-II Age of kings\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"E:\\AGEOFEM\\Empires.exe"="E:\\AGEOFEM\\Empires.exe:*:Enabled:Age of Empires"
"E:\\Program Files\\MSN Gaming Zone\\zclient.exe"="E:\\Program Files\\MSN Gaming Zone\\zclient.exe:*:Enabled:Zone Datafile"
"C:\\WINXP\\System32\\dplaysvr.exe"="C:\\WINXP\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\\New Folder\\GameSpy Arcade\\Aphex.exe"="E:\\New Folder\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"E:\\ROADRASH\\ROADRASH.EXE"="E:\\ROADRASH\\ROADRASH.EXE:*:Enabled:Road Rash for Windows 95 Executable"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"E:\\My Documents\\Maulik\\TRANSFER\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe"="E:\\My Documents\\Maulik\\TRANSFER\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe:*:Enabled:VIRTUA_TENNIS_PC"
"C:\\Program Files\\Ubi Soft\\XIII\\System\\XIII.exe"="C:\\Program Files\\Ubi Soft\\XIII\\System\\XIII.exe:*:Enabled:XIII"
"E:\\CS2D\\CounterStrike2D.exe"="E:\\CS2D\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\WINXP\\System32\\ZoneLabs\\vsmon.exe"="C:\\WINXP\\System32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"E:\\tremulous-1.1.0\\tremulous\\tremulous.exe"="E:\\tremulous-1.1.0\\tremulous\\tremulous.exe:*:Enabled:tremulous"
"E:\\Program Files\\Dobermann\\Halo Zero\\halozero.exe"="E:\\Program Files\\Dobermann\\Halo Zero\\halozero.exe:*:Enabled:Halo Zero "
"E:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe"="E:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe:*:Enabled:SoF2MP-Test"
"C:\\Program Files\\The Princeton Review\\Practice Test System\\New SAT\\Practice Test System.exe"="C:\\Program Files\\The Princeton Review\\Practice Test System\\New SAT\\Practice Test System.exe:*:Enabled:Macromedia Projector"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"E:\\Program Files\\Vampire city\\Vampirecity.exe"="E:\\Program Files\\Vampire city\\Vampirecity.exe:*:Enabled:Vampirecity"
"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Disabled:ET"
"E:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="E:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"E:\\StubInstaller.exe"="E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Soldat\\Soldat.exe"="E:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"G:\\Metal\\fakk2.exe"="G:\\Metal\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Uplink\\uplink.exe"="C:\\Program Files\\Uplink\\uplink.exe:*:Enabled:uplink"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\DedicatedServer.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\DedicatedServer.exe:*:Enabled:DedicatedServer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Age Of Empire-II Age of kings\\age2_x1.exe"="C:\\Age Of Empire-II Age of kings\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MAULIK\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MISHRA
ComSpec=C:\WINXP\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MAULIK
LOGONSERVER=\\MISHRA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINXP\system32;C:\WINXP;C:\WINXP\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\ORAWIN95\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINXP
TEMP=C:\DOCUME~1\MAULIK\LOCALS~1\Temp
TMP=C:\DOCUME~1\MAULIK\LOCALS~1\Temp
USERDOMAIN=MISHRA
USERNAME=MAULIK
USERPROFILE=C:\Documents and Settings\MAULIK
windir=C:\WINXP


-- User Profiles ---------------------------------------------------------------

RCMISHRA
MAULIK (admin)
SADHNA
SADHNA
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINXP\IsUninst.exe -f"E:\Program Files\CHS2000\Uninst.isu"
--> C:\WINXP\UNNeroVision.exe /UNINSTALL
--> C:\WINXP\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf
#1 DVD Ripper 3.2 --> "E:\Program Files\NO1 DVD Ripper\unins000.exe"
ACDSee 32 --> C:\PROGRA~1\ACDSEE32\UNWISE.EXE C:\PROGRA~1\ACDSEE32\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer --> C:\WINXP\IsUninst.exe -f"C:\WINXP\System32\Adobe\SVG Viewer\Uninst.isu"
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
allwonders Maps Of India --> C:\WINXP\allwonders Maps Of India Uninstaller.exe
Ambush Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins001.exe"
Apple Mobile Device Support --> MsiExec.exe /I{6D22289D-ED59-4F97-B636-2111EC64F5D4}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVI to MPEG Converter --> E:\PROGRA~1\AVITOM~1\UNWISE.EXE E:\PROGRA~1\AVITOM~1\INSTALL.LOG
AVI/MPEG/RM/WMV Splitter 4.28 --> "E:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
BCArchive 1.0 --> "C:\WINXP\BCUnInstall.exe" C:\Program Files\Jetico\BCArchive\UnInstall.log
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BootSkin --> C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\UNWISE.EXE C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\INSTALL.LOG
BrainWave Generator --> C:\WINXP\IsUninst.exe -fC:\Bwgen\Uninst.isu
Car Thief 4.2 Demo --> "E:\Program Files\Car Thief\Uninstall.exe" "E:\Program Files\Car Thief\install.log"
CCleaner (remove only) --> "E:\Program Files\CCleaner\uninst.exe"
Chaos Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins004.exe"
CrazyTalk for Skype --> C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove
Creative Live! Cam Video IM Driver (1.00.07.00) --> C:\WINXP\CtDrvIns.exe -uninstall -script VF0220.uns -unsext NT -plugin V0220Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Video IM User's Guide (English) --> C:\WINXP\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM\Creative Live! Cam Video IM User's Guide\English\CTManual.isu"
Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Deer Hunter --> C:\WINXP\uninst.exe -fC:\WINXP\DeIsL1.isu
DIABLO II --> C:\WINXP\iun503.exe C:\Program Files\DIABLO II\irunin.ini
Disc2Phone --> MsiExec.exe /I{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Dream Wheel --> MsiExec.exe /I{F03096E6-EF50-4F06-A37D-079E48961AC0}
EA SPORTS\NBA Live 2001 --> C:\WINXP\iun506.exe C:\nba2k\irunin.ini
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EVEREST Home Edition v2.20 --> "E:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Family Feud (remove only) --> "E:\Program Files\Yahoo! G

Edited by global_warning, 21 July 2008 - 09:43 AM.


#6
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey, your DSS extra.txt got cut off; can you repost it in a new post?

#7
global_warning

    Member

  • Topic Starter
  • Member
  • 55 posts
Ok, sorry about that.

Here's the log file:-

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.50GHz
Percentage of Memory in Use: 74%
Physical Memory (total/avail): 447.48 MiB / 114.5 MiB
Pagefile Memory (total/avail): 1055.1 MiB / 656.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1928.52 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 12.1 GiB total, 0.66 GiB free.
D: is Fixed (FAT32) - 12.1 GiB total, 1.68 GiB free.
E: is Fixed (FAT32) - 13.03 GiB total, 1.84 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400EB-11CPF0 - 37.27 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 12.11 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 25.16 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.446 v7.5.446 (GRISOFT)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\Valve\\Condition Zero\\czero.exe"="E:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"C:\\Metal\\fakk2.exe"="C:\\Metal\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"C:\\Documents And Settings\\MAULIK\\Local Settings\\Temp\\~os1B.tmp\\ossproxy.exe"="C:\\Documents And Settings\\MAULIK\\Local Settings\\Temp\\~os1B.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"E:\\New Folder\\LimeWire\\LimeWire.exe"="E:\\New Folder\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"="E:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe:*:Enabled:lf2"
"D:\\Age Of Empire-II The Conquerors\\empires2.exe"="D:\\Age Of Empire-II The Conquerors\\empires2.exe:*:Enabled:Age of Empires II"
"D:\\Age Of Empire-II\\empires2.exe"="D:\\Age Of Empire-II\\empires2.exe:*:Enabled:Age of Empires II"
"E:\\Program Files\\DAP\\DAP.exe"="E:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\\Aoe-r2r\\EMPIRESX.EXE"="D:\\Aoe-r2r\\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"D:\\Age Of Empire-II Age of kings\\empires2.exe"="D:\\Age Of Empire-II Age of kings\\empires2.exe:*:Enabled:Age of Empires II"
"D:\\Age Of Empire-II Age of kings\\age2_x1.exe"="D:\\Age Of Empire-II Age of kings\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"E:\\AGEOFEM\\Empires.exe"="E:\\AGEOFEM\\Empires.exe:*:Enabled:Age of Empires"
"E:\\Program Files\\MSN Gaming Zone\\zclient.exe"="E:\\Program Files\\MSN Gaming Zone\\zclient.exe:*:Enabled:Zone Datafile"
"C:\\WINXP\\System32\\dplaysvr.exe"="C:\\WINXP\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\\New Folder\\GameSpy Arcade\\Aphex.exe"="E:\\New Folder\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"E:\\ROADRASH\\ROADRASH.EXE"="E:\\ROADRASH\\ROADRASH.EXE:*:Enabled:Road Rash for Windows 95 Executable"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"E:\\My Documents\\Maulik\\TRANSFER\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe"="E:\\My Documents\\Maulik\\TRANSFER\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe:*:Enabled:VIRTUA_TENNIS_PC"
"C:\\Program Files\\Ubi Soft\\XIII\\System\\XIII.exe"="C:\\Program Files\\Ubi Soft\\XIII\\System\\XIII.exe:*:Enabled:XIII"
"E:\\CS2D\\CounterStrike2D.exe"="E:\\CS2D\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\WINXP\\System32\\ZoneLabs\\vsmon.exe"="C:\\WINXP\\System32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"E:\\tremulous-1.1.0\\tremulous\\tremulous.exe"="E:\\tremulous-1.1.0\\tremulous\\tremulous.exe:*:Enabled:tremulous"
"E:\\Program Files\\Dobermann\\Halo Zero\\halozero.exe"="E:\\Program Files\\Dobermann\\Halo Zero\\halozero.exe:*:Enabled:Halo Zero "
"E:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe"="E:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe:*:Enabled:SoF2MP-Test"
"C:\\Program Files\\The Princeton Review\\Practice Test System\\New SAT\\Practice Test System.exe"="C:\\Program Files\\The Princeton Review\\Practice Test System\\New SAT\\Practice Test System.exe:*:Enabled:Macromedia Projector"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"E:\\Program Files\\Vampire city\\Vampirecity.exe"="E:\\Program Files\\Vampire city\\Vampirecity.exe:*:Enabled:Vampirecity"
"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Disabled:ET"
"E:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="E:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"E:\\StubInstaller.exe"="E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Soldat\\Soldat.exe"="E:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"G:\\Metal\\fakk2.exe"="G:\\Metal\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Uplink\\uplink.exe"="C:\\Program Files\\Uplink\\uplink.exe:*:Enabled:uplink"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\DedicatedServer.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\DedicatedServer.exe:*:Enabled:DedicatedServer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Age Of Empire-II Age of kings\\age2_x1.exe"="C:\\Age Of Empire-II Age of kings\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MAULIK\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MISHRA
ComSpec=C:\WINXP\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MAULIK
LOGONSERVER=\\MISHRA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINXP\system32;C:\WINXP;C:\WINXP\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\ORAWIN95\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINXP
TEMP=C:\DOCUME~1\MAULIK\LOCALS~1\Temp
TMP=C:\DOCUME~1\MAULIK\LOCALS~1\Temp
USERDOMAIN=MISHRA
USERNAME=MAULIK
USERPROFILE=C:\Documents and Settings\MAULIK
windir=C:\WINXP


-- User Profiles ---------------------------------------------------------------

RCMISHRA
MAULIK (admin)
SADHNA
SADHNA
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINXP\IsUninst.exe -f"E:\Program Files\CHS2000\Uninst.isu"
--> C:\WINXP\UNNeroVision.exe /UNINSTALL
--> C:\WINXP\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf
#1 DVD Ripper 3.2 --> "E:\Program Files\NO1 DVD Ripper\unins000.exe"
ACDSee 32 --> C:\PROGRA~1\ACDSEE32\UNWISE.EXE C:\PROGRA~1\ACDSEE32\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer --> C:\WINXP\IsUninst.exe -f"C:\WINXP\System32\Adobe\SVG Viewer\Uninst.isu"
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
allwonders Maps Of India --> C:\WINXP\allwonders Maps Of India Uninstaller.exe
Ambush Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins001.exe"
Apple Mobile Device Support --> MsiExec.exe /I{6D22289D-ED59-4F97-B636-2111EC64F5D4}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVI to MPEG Converter --> E:\PROGRA~1\AVITOM~1\UNWISE.EXE E:\PROGRA~1\AVITOM~1\INSTALL.LOG
AVI/MPEG/RM/WMV Splitter 4.28 --> "E:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
BCArchive 1.0 --> "C:\WINXP\BCUnInstall.exe" C:\Program Files\Jetico\BCArchive\UnInstall.log
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BootSkin --> C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\UNWISE.EXE C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\INSTALL.LOG
BrainWave Generator --> C:\WINXP\IsUninst.exe -fC:\Bwgen\Uninst.isu
Car Thief 4.2 Demo --> "E:\Program Files\Car Thief\Uninstall.exe" "E:\Program Files\Car Thief\install.log"
CCleaner (remove only) --> "E:\Program Files\CCleaner\uninst.exe"
Chaos Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins004.exe"
CrazyTalk for Skype --> C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove
Creative Live! Cam Video IM Driver (1.00.07.00) --> C:\WINXP\CtDrvIns.exe -uninstall -script VF0220.uns -unsext NT -plugin V0220Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Video IM User's Guide (English) --> C:\WINXP\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM\Creative Live! Cam Video IM User's Guide\English\CTManual.isu"
Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Deer Hunter --> C:\WINXP\uninst.exe -fC:\WINXP\DeIsL1.isu
DIABLO II --> C:\WINXP\iun503.exe C:\Program Files\DIABLO II\irunin.ini
Disc2Phone --> MsiExec.exe /I{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Dream Wheel --> MsiExec.exe /I{F03096E6-EF50-4F06-A37D-079E48961AC0}
EA SPORTS\NBA Live 2001 --> C:\WINXP\iun506.exe C:\nba2k\irunin.ini
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EVEREST Home Edition v2.20 --> "E:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Family Feud (remove only) --> "E:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe"
FastCapPro 1.4.5 --> "C:\Program Files\FastCapPro\unins000.exe"
FastStone Image Viewer 2.5 --> E:\Program Files\FastStone Image Viewer\uninst.exe
FIFA 2005 --> E:\Program Files\EA SPORTS\FIFA 2005\EAUninstall.exe
Flamethrower Pack 1.00a for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins005.exe"
FLV Player 1.3.3 --> "E:\Program Files\FLVPlayer\uninstall.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Fraps --> "E:\Fraps\uninstall.exe"
gAlwaysIdle --> "C:\Program Files\gAlwaysIdle\uninstall.exe"
Game Maker 6.1 --> C:\Program Files\Game_Maker6\Uninstal.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
GraphCalc v4.0.1 --> "E:\Program Files\GraphCalc\unins000.exe"
Halo Zero - Version 1.8.6.3 --> E:\Program Files\Dobermann\Halo Zero\Uninstal.exe
Highway Pursuit v1.1 --> "E:\Program Files\HighwayPursuit\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iPod Reset Utility --> MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}
iTunes --> MsiExec.exe /I{B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Koko Arena 1.0 --> "C:\Program Files\Nology\Koko Arena\SETUP\setup.exe" /u
LimeWire PRO 4.12.6 --> "E:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 v1.9 --> C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Living Beaches 1 Wallpaper --> C:\WINXP\WEB\Wallpaper\Living Beaches 1 dir\uninstall.exe
Macromedia Shockwave Player --> C:\WINXP\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINXP\system32\MACROMED\SHOCKW~1\Install.log
Magic Burning Studio v10.4.1 --> "C:\Program Files\Magic Burning Studio\unins000.exe"
Maruti Driving School Interactive CD Rom For Car Drivers (English Ver.) --> C:\WINXP\st6unst.exe -n "C:\Program Files\Mds Car English !\ST6UNST.LOG"
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Meteor Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins002.exe"
Microsoft Golf 3.0 DEMO --> c:\glf_demo\setup\setup.exe
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
New SAT --> C:\WINXP\unvise32.exe C:\Program Files\The Princeton Review\Practice Test System\newsatuninstall.log
New Star Soccer 3 --> E:\Program Files\New Star Soccer 3\Uninstal.exe
NHL 2002 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF846DE0-A5F9-11D5-0089-C400C04FAE70}\setup.exe" -l0x9 Uninstall
Nicknames for MSN Messenger --> C:\Program Files\MSN Names\Uninstall.exe
Nuke Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins006.exe"
Pcsx2 0.9.1 Watermoose --> "E:\Program Files\Pcsx2\unins000.exe"
Pocket Tanks Deluxe 1.00a --> "C:\Program Files\Pocket Tanks Deluxe\unins000.exe"
Pool 'm Up --> E:\PROGRA~1\POOL'M~1\UNINSTALL\UNINSTALL.EXE E:\PROGRA~1\POOL'M~1\UNINSTALL\INSTALL.LOG
Power Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins003.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quake II Demo --> C:\WINXP\IsUninst.exe -fC:\Q2Demo\Uninst.isu
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.2.0.4 --> E:\Program Files\RegCure\uninst.exe
Scorched3D 39.1 --> C:\Program Files\Scorched3D\uninst.exe
Screensaver Factory 4 Pro --> "E:\Program Files\Screensaver Factory 4 Pro\unins000.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem22.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snood for Windows version 3.0-W --> "C:\Program Files\Snood\unins000.exe"
Soldat 1.3.1 --> E:\Soldat\unins000.exe
SONIC CD Killer ! --> C:\WINXP\SCUNINST.EXE C:\WINXP\SONIC.INI
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINXP\unins000.exe"
SpywareBlaster v3.5.1 --> "E:\Program Files\SpywareBlaster\unins000.exe"
Street Bike Fury 1.0 --> "C:\Program Files\Street Bike Fury\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Uplink --> C:\WINXP\IsUninst.exe -f"C:\Program Files\Uplink\Uninst.isu"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtua Fighter 2 Demo Uninstall --> C:\WINXP\Vf2DUist.EXE C:\WINXP\VF2DEMO.INI
Virtual DJ - Atomix Productions --> E:\PROGRA~1\VIRTUA~1\UNWISE.EXE E:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
WCW Nitro PC (Demo) --> C:\WINXP\uninst.exe -f"E:\Program Files\THQ\WCW Nitro PC (Demo)\DeIsL1.isu" -c"E:\Program Files\THQ\WCW Nitro PC (Demo)\_ISREG32.DLL"
Webshots Desktop --> "E:\Program Files\Webshots\unins000.exe"
Webshots Toolbar --> E:\Program Files\Webshots\ToolbarUninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinASO Registry Optimizer 2.8 --> "C:\Program Files\WinASO\Registry Optimizer 2.8\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINXP\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wine Country of California --> "E:\Program Files\Wine Country Screensaver\uninstall Wine Country of California.exe"
WinPatrol --> MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB4BF4E2-89BB-44D8-8A25-404275EFD85D}\setup.exe" -l0x9
XviD 1.1 final uninstall --> "E:\Program Files\XviD\unins000.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\YAHOO!\COMMON\unypsr.exe
Yahoo! extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZSoft Uninstaller 2.3.4 --> C:\Program Files\ZSoft\Uninstaller\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3379 / Error
Event Submitted/Written: 07/21/2008 08:20:03 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: W32.SillyDC in File: C:\Program Files\WinDriveGuard\DriveGuard.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type3370 / Error
Event Submitted/Written: 07/21/2008 08:15:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mediamonkey.exe, version 2.5.5.996, faulting module mediamonkey.exe, version 2.5.5.996, fault address 0x0000453e.
Processing media-specific event for [mediamonkey.exe!ws!]

Event Record #/Type3347 / Error
Event Submitted/Written: 07/20/2008 04:53:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.7.0.43, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000105f8.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type3346 / Error
Event Submitted/Written: 07/20/2008 04:53:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.7.0.43, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000105f8.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type3336 / Warning
Event Submitted/Written: 07/20/2008 04:33:25 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}', feature 'Fax' failed during request for component '{662E9395-9291-11D6-8707-00B0D0236D7F}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type47803 / Error
Event Submitted/Written: 07/21/2008 08:52:33 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
abhcop
ar29
Avg7Core
Avg7RsXP
hcalway
kygnk7
ohgscoxa
pefmr9m
viyubhcu
zyi

Event Record #/Type47802 / Error
Event Submitted/Written: 07/21/2008 08:52:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG7 Update Service service failed to start due to the following error:
%%3

Event Record #/Type47801 / Error
Event Submitted/Written: 07/21/2008 08:52:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG7 Alert Manager Server service failed to start due to the following error:
%%3

Event Record #/Type47800 / Error
Event Submitted/Written: 07/21/2008 08:49:16 PM / 07/21/2008 08:49:56 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type47769 / Error
Event Submitted/Written: 07/21/2008 08:19:29 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
abhcop
ar29
Avg7Core
Avg7RsXP
hcalway
kygnk7
ohgscoxa
pefmr9m
viyubhcu
zyi



-- End of Deckard's System Scanner: finished at 2008-07-21 20:58:11 ------------
  • 0
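As an added example, not part of the original post or of the DSS tool, here is a small Python script that reads the Event ID 7026 records of a DSS "System Event Log" section like the one above, collects the boot-start driver names that failed to load, drops the ones that belong to the installed AVG product, and prints the rest in the `name <delete service>` form that OTMoveIt2 accepts. SAMPLE_LOG is a constructed excerpt shaped like the log above, and KNOWN_GOOD is an assumed allowlist.

```python
import re

# Constructed excerpt shaped like the DSS "System Event Log" section above: two
# Event ID 7026 records with overlapping driver lists plus a 7000 record to skip.
SAMPLE_LOG = """\
-- System Event Log ------------------------------------------------------------

Event Record #/Type47803 / Error
Event Submitted/Written: 07/21/2008 08:52:33 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
abhcop
ar29
Avg7Core
Avg7RsXP
hcalway
kygnk7

Event Record #/Type47802 / Error
Event Submitted/Written: 07/21/2008 08:52:33 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG7 Update Service service failed to start due to the following error:
%%3

Event Record #/Type47769 / Error
Event Submitted/Written: 07/21/2008 08:19:29 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
abhcop
ar29
Avg7Core
ohgscoxa
zyi

-- End of Deckard's System Scanner: finished at 2008-07-21 20:58:11 ------------
"""

# Assumed allowlist: AVG 7.5 is the installed AV in the log's Security Center
# section, so its two drivers are expected entries, not removal candidates.
KNOWN_GOOD = {"avg7core", "avg7rsxp"}


def parse_event_records(text):
    """Split a DSS event-log section into dicts with 'id', 'source' and the
    description 'lines' (a description ends at the first blank line)."""
    records, current, in_desc = [], None, False
    for line in text.splitlines():
        if line.startswith("Event Record #/Type"):
            current = {"id": None, "source": None, "lines": []}
            records.append(current)
            in_desc = False
            continue
        if current is None:
            continue
        m = re.match(r"Event ID/Source:\s*(\d+)\s*/\s*(.*)", line)
        if m:
            current["id"] = int(m.group(1))
            current["source"] = m.group(2).strip()
        elif line.startswith("Event Description:"):
            in_desc = True
        elif in_desc:
            if line.strip() == "":
                in_desc = False
            else:
                current["lines"].append(line.strip())
    return records


def failed_boot_drivers(text):
    """Unique driver names from every Event ID 7026 record, in first-seen order.
    The first description line is the fixed sentence; later lines are names."""
    seen = {}
    for rec in parse_event_records(text):
        if rec["id"] == 7026:
            for name in rec["lines"][1:]:
                seen.setdefault(name, True)
    return list(seen)


def suspicious_drivers(text, known_good=KNOWN_GOOD):
    """Failed drivers that do not belong to known installed software."""
    return [d for d in failed_boot_drivers(text) if d.lower() not in known_good]


def otmoveit_service_lines(text):
    """Render the candidates in the 'name <delete service>' form OTMoveIt2 uses."""
    return [f"{d} <delete service>" for d in suspicious_drivers(text)]


if __name__ == "__main__":
    print("\n".join(otmoveit_service_lines(SAMPLE_LOG)))
```

The names that survive the allowlist are the ones to verify (signed driver file present? known vendor?) before they go into a removal script; a failed-to-load, randomly named boot-start driver with no file behind it is the pattern the helper acts on in the next reply.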

#8
Ltangelic

    Angel Annihilator of Malware

  • Retired Staff
  • 2,008 posts
Hey global_warning,

There are some infected files on your computer, but no worries, we'll remove them all. :)

First

Please go to Add or Remove Programs and remove the following (if present):

LimeWire PRO 4.12.6 <-- This is a P2P program that can bring security risks to your computer; it is advised that you remove it.
Ares

Reboot your computer.

1) Use OTMoveIt2 to remove infected entries

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\FOUND.001
    C:\FOUND.000
    C:\FOUND.040
    C:\FOUND.039
    C:\FOUND.038
    C:\Program Files\Ares
    C:\zip.exe
    C:\ubtbuvkq.bat
    I:\System\DriveGuard
    C:\WINXP\system32\SecSystem.exe
    C:\Documents and Settings\RCMISHRA\Application Data\RSecSystem.exe
    C:\Program Files\WinDriveGuard
    ar29 <delete service>
    kygnk7 <delete service>
    ohgscoxa <delete service>
    viyubhcu <delete service>
    abhcop <delete service>
    hcalway <delete service>
    pefmr9m <delete service>
    zyi <delete service>
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\System Drives Protector
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoveSearch
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchNet_Up
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb0180a-dd8e-11da-8ab1-000d87406a90}
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846bf066-5c1a-11dc-8f75-000d87406a90}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1EC04D97-5F10-DD1B-0306-020403060503}
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2) Get new DSS logs

Click on Start, click on Run
Copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
Click on Check All
Click Scan
DSS will now run again. When finished, please post back both logs that open in Notepad:
main.txt and extra.txt

Next reply (please include):

DSS logs
OTMoveIt2 log

  • 0

#9
global_warning

global_warning

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
First of all, thanks for all your time and help, I really appreciate it. :)

Here's the OTMoveit2 log:-

C:\FOUND.001 moved successfully.
C:\FOUND.000 moved successfully.
C:\FOUND.040 moved successfully.
C:\FOUND.039 moved successfully.
C:\FOUND.038 moved successfully.
File/Folder C:\Program Files\Ares not found.
C:\zip.exe moved successfully.
C:\ubtbuvkq.bat moved successfully.
File/Folder I:\System\DriveGuard not found.
File move failed. C:\WINXP\system32\SecSystem.exe scheduled to be moved on reboot.
C:\Documents and Settings\RCMISHRA\Application Data\RSecSystem.exe moved successfully.
File/Folder C:\Program Files\WinDriveGuard not found.
ar29 service deleted successfully.
kygnk7 service deleted successfully.
ohgscoxa service deleted successfully.
viyubhcu service deleted successfully.
abhcop service deleted successfully.
hcalway service deleted successfully.
pefmr9m service deleted successfully.
zyi service deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\System Drives Protector >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run\\System Drives Protector deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoveSearch >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoveSearch\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchNet_Up >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchNet_Up\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb0180a-dd8e-11da-8ab1-000d87406a90} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bb0180a-dd8e-11da-8ab1-000d87406a90}\\ deleted successfully.
< HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846bf066-5c1a-11dc-8f75-000d87406a90} >
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{846bf066-5c1a-11dc-8f75-000d87406a90}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503} >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}\\ deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1EC04D97-5F10-DD1B-0306-020403060503} >
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1EC04D97-5F10-DD1B-0306-020403060503}\\ not found.
< purity >
< emptytemp >
File delete failed. C:\DOCUME~1\MAULIK\LOCALS~1\Temp\Perflib_Perfdata_674.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\MAULIK\LOCALS~1\Temp\Perflib_Perfdata_cdc.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07222008_211413

Files moved on Reboot...
C:\WINXP\system32\SecSystem.exe moved successfully.
File C:\DOCUME~1\MAULIK\LOCALS~1\Temp\Perflib_Perfdata_674.dat not found!
File C:\DOCUME~1\MAULIK\LOCALS~1\Temp\Perflib_Perfdata_cdc.dat not found!

I'll paste the dss log in the next reply.
  • 0
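A reconciliation script, added here as an example (it is not part of either post and not OTMoveIt2's own code), that reads an OTMoveIt2 request list like the one in post #8 together with the result log above and reports each requested item's final outcome, so that anything still waiting on a reboot or never mentioned in the log stands out. The embedded request and log are a constructed, reduced copy of the thread's; the one failure mode it deliberately handles is an item first reported "scheduled to be moved on reboot" and only later "moved successfully", as SecSystem.exe was.

```python
import re

# Constructed sample input: a reduced copy of the OTMoveIt2 request list from
# post #8 and of the matching result log from post #9 (not the complete thread).
REQUEST = r"""
[kill explorer]
C:\FOUND.001
C:\Program Files\Ares
C:\WINXP\system32\SecSystem.exe
ar29 <delete service>
zyi <delete service>
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1EC04D97-5F10-DD1B-0306-020403060503}
purity
emptytemp
[start explorer]
"""

LOG = r"""
C:\FOUND.001 moved successfully.
File/Folder C:\Program Files\Ares not found.
File move failed. C:\WINXP\system32\SecSystem.exe scheduled to be moved on reboot.
ar29 service deleted successfully.
zyi service deleted successfully.
< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr >
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CdnCtr\\ deleted successfully.
< HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1EC04D97-5F10-DD1B-0306-020403060503} >
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1EC04D97-5F10-DD1B-0306-020403060503}\\ not found.
< purity >
< emptytemp >
Temp folders emptied.
IE temp folders emptied.

Files moved on Reboot...
C:\WINXP\system32\SecSystem.exe moved successfully.
"""

# Each OTMoveIt2 result line wraps the item in a fixed phrase; order matters,
# because the generic "moved successfully" form must be tried last.
LOG_PATTERNS = [
    (re.compile(r"^File/Folder (.+) not found\.$"), "not_found"),
    (re.compile(r"^File move failed\. (.+) scheduled to be moved on reboot\.$"), "scheduled"),
    (re.compile(r"^(.+) service deleted successfully\.$"), "deleted"),
    (re.compile(r"^Registry (?:key|value) (.+?)\\*\s*deleted successfully\.$"), "deleted"),
    (re.compile(r"^Registry (?:key|value) (.+?)\\*\s*not found\.$"), "not_found"),
    (re.compile(r"^(.+) moved successfully\.$"), "moved"),
]


def parse_request(text):
    """Return {normalised item: kind} for every trackable line of the request list.
    Bracketed directives ([kill explorer]) and the purity/emptytemp keywords are
    commands that produce no per-item result, so they are not tracked."""
    items = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("[") or line.lower() in ("purity", "emptytemp"):
            continue
        if line.lower().endswith("<delete service>"):
            items[line[: -len("<delete service>")].strip().lower()] = "service"
        elif line.upper().startswith("HKEY_"):
            items[line.lower()] = "registry"
        else:
            items[line.lower()] = "file"
    return items


def parse_log(text):
    """Return {normalised item: final status}; statuses are moved, deleted,
    not_found and scheduled. A later result for the same item (the
    'Files moved on Reboot...' section) supersedes the earlier one."""
    status = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or (line.startswith("<") and line.endswith(">")):
            continue  # echo of the request line, carries no result
        for pattern, result in LOG_PATTERNS:
            match = pattern.match(line)
            if match:
                status[match.group(1).strip().lower()] = result
                break
    return status


def reconcile(request_text, log_text):
    """Map every requested item to its logged outcome, or 'unaccounted' when the
    log never mentions it at all."""
    logged = parse_log(log_text)
    return {item: logged.get(item, "unaccounted") for item in parse_request(request_text)}


def still_pending(results):
    """Items whose removal is still waiting on a reboot or was never reported:
    the ones to ask about before treating the machine as clean."""
    return sorted(item for item, state in results.items() if state in ("scheduled", "unaccounted"))


if __name__ == "__main__":
    outcome = reconcile(REQUEST, LOG)
    for item, state in outcome.items():
        print(f"{state:<12} {item}")
    print("pending:", still_pending(outcome))
```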

#10
global_warning

global_warning

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Here are the dss logs:-

main.txt

Deckard's System Scanner v20071014.68
Run by MAULIK on 2008-07-22 21:29:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-22 15:59:25 UTC - RP440 - Deckard's System Scanner Restore Point
1: 2008-07-21 15:42:23 UTC - RP439 - Removed Dream Wheel


Performed disk cleanup.

Total Physical Memory: 448 MiB (512 MiB recommended).
System Drive C: has 1.09 GiB (less than 15%) free.


-- HijackThis (run as MAULIK.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:29:57 PM, on 7/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINXP\System32\ups.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\MAULIK\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MAULIK.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - E:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Webshots Photo Search - res://E:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11340 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080721-203959-868 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BootScreen - c:\winxp\\systemroot\system32\drivers\vidstub.sys (file missing)
R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\winxp\system32\drivers\prohlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\winxp\system32\drivers\sfhlp01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 VClone - c:\winxp\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\winxp\system32\drivers\prodrv06.sys <Not Verified; Protection Technology; StarForce Protection System>
R2 ElbyCDIO (ElbyCDIO Driver) - c:\winxp\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 enodpl - c:\winxp\system32\drivers\enodpl.sys
R2 tandpl - c:\winxp\system32\drivers\tandpl.sys
R3 ElbyDelay - c:\winxp\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>

S0 aabhor - c:\winxp\system32\drivers\aabhor.sys (file missing)
S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\winxp\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\winxp\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\winxp\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800mgmt (Sony Ericsson W800 USB WMC Device Management Drivers) - c:\winxp\system32\drivers\w800mgmt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Device Management>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\winxp\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\WINXP\system32\svchost.exe (pid 1040)
2007-07-24 15:17:08 147456 --a------ C:\Program Files\Bonjour\mdnsNSP.dll <Not Verified; Apple Inc.; Bonjour>

C:\WINXP\explorer.exe (pid 2208)
2006-10-18 21:47:22 133632 -----n--- C:\WINXP\system32\WPDShServiceObj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 166912 -----n--- C:\WINXP\system32\PortableDeviceTypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2006-10-18 21:47:18 284160 -----n--- C:\WINXP\system32\PortableDeviceApi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-01-09 16:10:18 65536 --a------ C:\Program Files\gAlwaysIdle\gidle.dll


-- Scheduled Tasks -------------------------------------------------------------

2008-07-22 21:17:40 440 --a------ C:\WINXP\Tasks\RegCure Program Check.job
2008-07-20 16:47:56 284 --a------ C:\WINXP\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2022-12-28 22:42:32 0 d-------- C:\Documents And Settings
2022-12-28 19:28:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2022-12-23 19:25:44 0 d-------- C:\Program Files\Common Files\Adobe
2022-12-23 19:14:08 0 d-------- C:\Program Files\Web Publish
2022-12-23 19:13:18 0 d-------- C:\Program Files\Microsoft FrontPage
2022-12-23 19:12:24 0 d-------- C:\Program Files\Common Files\ODBC
2022-12-23 19:06:32 0 d-------- C:\Program Files\Common Files\Real
2022-12-23 19:00:02 0 d-------- C:\Program Files\Symantec
2022-12-23 19:00:01 0 d-------- C:\Program Files\Common Files\Symantec Shared
2022-12-23 18:20:04 0 d-------- C:\Program Files\ACDSee32
2022-12-23 18:13:34 0 d--hs---- C:\RECYCLED
2022-12-23 18:06:50 0 d-------- C:\Program Files\Roxio
2022-12-23 18:06:44 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2022-12-23 18:06:35 0 d-------- C:\Program Files\Common Files\InstallShield
2022-12-23 17:58:25 22 --a------ C:\AUTOEXEC.BAT
2022-12-23 17:53:20 0 d-------- C:\Program Files\SiS_Compatible_VGA_V2.07k
2008-07-21 21:19:35 0 dr-h----- C:\Documents and Settings\MAULIK\Recent
2008-07-20 22:24:17 0 d-------- C:\Program Files\Trend Micro
2008-07-20 16:50:29 0 d-------- C:\Program Files\iTunes
2008-07-20 16:49:53 0 d-------- C:\Program Files\Bonjour
2008-07-20 16:48:32 0 d-------- C:\Program Files\QuickTime
2008-07-20 16:47:45 0 d-------- C:\Program Files\Apple Software Update


-- Find3M Report ---------------------------------------------------------------

2022-12-22 23:07:42 49152 ---hs---- C:\VIDEOROM.BIN
2022-12-22 23:06:14 11079 ---h----- C:\Program Files\folder.htt
2022-12-22 23:06:14 266 ---hs---- C:\Program Files\desktop.ini
2022-12-22 23:04:38 1685 -r-hs---- C:\MSDOS.SYS
2022-12-22 22:59:22 8501 ---hs---- C:\SUHDLOG.DAT
2022-12-22 22:56:14 0 d-------- C:\Program Files\PLUS!
2022-12-22 22:56:12 0 dr------- C:\Program Files\Common Files
2022-12-22 22:56:12 0 dr------- C:\Program Files\Accessories
2008-06-10 21:47:10 0 d-------- C:\Documents and Settings\MAULIK\Application Data\vlc
2008-06-10 21:46:22 0 d-------- C:\Program Files\VideoLAN
2008-06-07 11:15:44 0 d-------- C:\Program Files\gAlwaysIdle
2008-05-25 17:50:40 2542 --a------ C:\WINXP\unins000.dat
2008-05-25 17:47:08 691545 --a------ C:\WINXP\unins000.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [11/30/2005 08:21 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [02/29/2004 04:44 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [03/12/2004 03:18 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [05/16/2006 11:58 AM]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/16/2007 05:41 PM]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [04/29/2006 06:51 PM]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [04/19/2007 01:33 PM]
"SiSPower"="SiSPower.dll" [03/09/2006 03:04 AM C:\WINXP\system32\SiSPower.dll]
"AVFX Engine"="C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [06/09/2006 01:11 AM]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [06/08/2007 08:29 PM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/02/2007 02:52 AM]
"gidle"="C:\Program Files\gAlwaysIdle\gidle.exe" [01/08/2008 02:05 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/03/2008 02:23 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/09/2008 01:30 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Live! Cam Manager"="C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [05/31/2006 04:00 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
"ctfmon.exe"="C:\WINXP\system32\ctfmon.exe" [08/03/2004 07:56 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents And Settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [4/9/2003 6:11:12 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINXP\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINXP\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NCLaunch]
C:\WINXP\NCLAUNCH.EXe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINXP\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Remote Log"=2 (0x2)


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]
C:\WINXP\system32\SecSystem.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8833 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-22 21:31:15 ------------
  • 0



#11
global_warning

global_warning

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
extra.txt


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.50GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 447.48 MiB / 155.08 MiB
Pagefile Memory (total/avail): 1055.1 MiB / 674.25 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1903.52 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 12.1 GiB total, 1.09 GiB free.
D: is Fixed (FAT32) - 12.1 GiB total, 1.68 GiB free.
E: is Fixed (FAT32) - 13.03 GiB total, 1.84 GiB free.
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD400EB-11CPF0 - 37.27 GiB - 3 partitions
\PARTITION0 (bootable) - Unknown - 12.11 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 25.16 GiB - D: - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG 7.5.446 v7.5.446 (GRISOFT)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\\Valve\\Condition Zero\\czero.exe"="E:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\\Program Files\\DAP\\DAP.exe"="C:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:YServer Module"
"C:\\Metal\\fakk2.exe"="C:\\Metal\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"C:\\Documents And Settings\\MAULIK\\Local Settings\\Temp\\~os1B.tmp\\ossproxy.exe"="C:\\Documents And Settings\\MAULIK\\Local Settings\\Temp\\~os1B.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"E:\\New Folder\\LimeWire\\LimeWire.exe"="E:\\New Folder\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe"="E:\\Program Files\\LittleFighter2\\LF2_v1.9\\lf2.exe:*:Enabled:lf2"
"D:\\Age Of Empire-II The Conquerors\\empires2.exe"="D:\\Age Of Empire-II The Conquerors\\empires2.exe:*:Enabled:Age of Empires II"
"D:\\Age Of Empire-II\\empires2.exe"="D:\\Age Of Empire-II\\empires2.exe:*:Enabled:Age of Empires II"
"E:\\Program Files\\DAP\\DAP.exe"="E:\\Program Files\\DAP\\DAP.exe:*:Enabled:Download Accelerator Plus (DAP)"
"D:\\Aoe-r2r\\EMPIRESX.EXE"="D:\\Aoe-r2r\\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"D:\\Age Of Empire-II Age of kings\\empires2.exe"="D:\\Age Of Empire-II Age of kings\\empires2.exe:*:Enabled:Age of Empires II"
"D:\\Age Of Empire-II Age of kings\\age2_x1.exe"="D:\\Age Of Empire-II Age of kings\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"E:\\AGEOFEM\\Empires.exe"="E:\\AGEOFEM\\Empires.exe:*:Enabled:Age of Empires"
"E:\\Program Files\\MSN Gaming Zone\\zclient.exe"="E:\\Program Files\\MSN Gaming Zone\\zclient.exe:*:Enabled:Zone Datafile"
"C:\\WINXP\\System32\\dplaysvr.exe"="C:\\WINXP\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"E:\\New Folder\\GameSpy Arcade\\Aphex.exe"="E:\\New Folder\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
"E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"E:\\ROADRASH\\ROADRASH.EXE"="E:\\ROADRASH\\ROADRASH.EXE:*:Enabled:Road Rash for Windows 95 Executable"
"C:\\Program Files\\Ares\\Ares.exe"="C:\\Program Files\\Ares\\Ares.exe:*:Enabled:Ares"
"E:\\My Documents\\Maulik\\TRANSFER\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe"="E:\\My Documents\\Maulik\\TRANSFER\\Virtua Tennis\\VIRTUA_TENNIS_PC.exe:*:Enabled:VIRTUA_TENNIS_PC"
"C:\\Program Files\\Ubi Soft\\XIII\\System\\XIII.exe"="C:\\Program Files\\Ubi Soft\\XIII\\System\\XIII.exe:*:Enabled:XIII"
"E:\\CS2D\\CounterStrike2D.exe"="E:\\CS2D\\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\\WINXP\\System32\\ZoneLabs\\vsmon.exe"="C:\\WINXP\\System32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"E:\\tremulous-1.1.0\\tremulous\\tremulous.exe"="E:\\tremulous-1.1.0\\tremulous\\tremulous.exe:*:Enabled:tremulous"
"E:\\Program Files\\Dobermann\\Halo Zero\\halozero.exe"="E:\\Program Files\\Dobermann\\Halo Zero\\halozero.exe:*:Enabled:Halo Zero "
"E:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe"="E:\\Program Files\\Soldier of Fortune II - Double Helix MP TEST\\SoF2MP-Test.exe:*:Enabled:SoF2MP-Test"
"C:\\Program Files\\The Princeton Review\\Practice Test System\\New SAT\\Practice Test System.exe"="C:\\Program Files\\The Princeton Review\\Practice Test System\\New SAT\\Practice Test System.exe:*:Enabled:Macromedia Projector"
"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"="C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client"
"E:\\Program Files\\Vampire city\\Vampirecity.exe"="E:\\Program Files\\Vampire city\\Vampirecity.exe:*:Enabled:Vampirecity"
"E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="E:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Disabled:ET"
"E:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="E:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"E:\\StubInstaller.exe"="E:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"E:\\Program Files\\LimeWire\\LimeWire.exe"="E:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"E:\\Soldat\\Soldat.exe"="E:\\Soldat\\Soldat.exe:*:Enabled:Soldat"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"G:\\Metal\\fakk2.exe"="G:\\Metal\\fakk2.exe:*:Enabled:Heavy Metal : Fakk 2"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Uplink\\uplink.exe"="C:\\Program Files\\Uplink\\uplink.exe:*:Enabled:uplink"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe:*:Enabled:SeriousSam"
"C:\\Program Files\\Croteam\\Serious Sam\\Bin\\DedicatedServer.exe"="C:\\Program Files\\Croteam\\Serious Sam\\Bin\\DedicatedServer.exe:*:Enabled:DedicatedServer"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Age Of Empire-II Age of kings\\age2_x1.exe"="C:\\Age Of Empire-II Age of kings\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\MAULIK\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MISHRA
ComSpec=C:\WINXP\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\MAULIK
LOGONSERVER=\\MISHRA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINXP\system32;C:\WINXP;C:\WINXP\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\ORAWIN95\BIN
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINXP
TEMP=C:\DOCUME~1\MAULIK\LOCALS~1\Temp
TMP=C:\DOCUME~1\MAULIK\LOCALS~1\Temp
USERDOMAIN=MISHRA
USERNAME=MAULIK
USERPROFILE=C:\Documents and Settings\MAULIK
windir=C:\WINXP


-- User Profiles ---------------------------------------------------------------

RCMISHRA
MAULIK (admin)
SADHNA
SADHNA
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\WINXP\IsUninst.exe -f"E:\Program Files\CHS2000\Uninst.isu"
--> C:\WINXP\UNNeroVision.exe /UNINSTALL
--> C:\WINXP\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINXP\INF\PCHealth.inf
#1 DVD Ripper 3.2 --> "E:\Program Files\NO1 DVD Ripper\unins000.exe"
ACDSee 32 --> C:\PROGRA~1\ACDSEE32\UNWISE.EXE C:\PROGRA~1\ACDSEE32\INSTALL.LOG
Ad-Aware 2007 --> MsiExec.exe /X{0E6AB9FC-76C2-431B-9C06-6C1CFFFEA8EB}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe SVG Viewer --> C:\WINXP\IsUninst.exe -f"C:\WINXP\System32\Adobe\SVG Viewer\Uninst.isu"
Advanced Video FX Engine --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5BA7C09-E523-478C-9C37-A1D86C76383E}\setup.exe" -l0x9 /remove
Aliens vs. Predator 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}\SETUP.EXE"
allwonders Maps Of India --> C:\WINXP\allwonders Maps Of India Uninstaller.exe
Ambush Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins001.exe"
Apple Mobile Device Support --> MsiExec.exe /I{6D22289D-ED59-4F97-B636-2111EC64F5D4}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avance AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
AVI to MPEG Converter --> E:\PROGRA~1\AVITOM~1\UNWISE.EXE E:\PROGRA~1\AVITOM~1\INSTALL.LOG
AVI/MPEG/RM/WMV Splitter 4.28 --> "E:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
BCArchive 1.0 --> "C:\WINXP\BCUnInstall.exe" C:\Program Files\Jetico\BCArchive\UnInstall.log
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BootSkin --> C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\UNWISE.EXE C:\PROGRA~1\STARDOCK\WINCUS~1\BOOTSKIN\INSTALL.LOG
BrainWave Generator --> C:\WINXP\IsUninst.exe -fC:\Bwgen\Uninst.isu
Car Thief 4.2 Demo --> "E:\Program Files\Car Thief\Uninstall.exe" "E:\Program Files\Car Thief\install.log"
CCleaner (remove only) --> "E:\Program Files\CCleaner\uninst.exe"
Chaos Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins004.exe"
CrazyTalk for Skype --> C:\Program Files\InstallShield Installation Information\{8865B208-4759-4308-8DB5-3C18D2F568E2}\setup.exe -runfromtemp -l0x0009 -removeonly /remove
Creative Live! Cam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6BE926E5-66F4-4166-A5E5-E14D7A165BBD}\setup.exe" -l0x9 /remove
Creative Live! Cam Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{15B3F9F8-4CF9-452A-9AF2-AA8553765DA7}\setup.exe" -l0x9 /remove
Creative Live! Cam Video IM Driver (1.00.07.00) --> C:\WINXP\CtDrvIns.exe -uninstall -script VF0220.uns -unsext NT -plugin V0220Pin.dll -pluginres CtCamPin.crl
Creative Live! Cam Video IM User's Guide (English) --> C:\WINXP\IsUninst.exe -f"C:\Program Files\Creative\Creative Live! Cam Video IM\Creative Live! Cam Video IM User's Guide\English\CTManual.isu"
Creative Photo Calendar --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C81600D-D6C7-4687-9362-DD4A78B3483E}\setup.exe" -l0x9 /remove
Creative Photo Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{513D9FB1-27A2-44E4-8F2D-77A6737921A5}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DIABLO II --> C:\WINXP\iun503.exe C:\Program Files\DIABLO II\irunin.ini
Disc2Phone --> MsiExec.exe /I{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
EA SPORTS\NBA Live 2001 --> C:\WINXP\iun506.exe C:\nba2k\irunin.ini
EasyCleaner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EVEREST Home Edition v2.20 --> "E:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Family Feud (remove only) --> "E:\Program Files\Yahoo! Games\Family Feud\Uninstall.exe"
FastCapPro 1.4.5 --> "C:\Program Files\FastCapPro\unins000.exe"
FastStone Image Viewer 2.5 --> E:\Program Files\FastStone Image Viewer\uninst.exe
FIFA 2005 --> E:\Program Files\EA SPORTS\FIFA 2005\EAUninstall.exe
Flamethrower Pack 1.00a for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins005.exe"
FLV Player 1.3.3 --> "E:\Program Files\FLVPlayer\uninstall.exe"
FoxyTunes for Firefox --> "C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Fraps --> "E:\Fraps\uninstall.exe"
gAlwaysIdle --> "C:\Program Files\gAlwaysIdle\uninstall.exe"
Game Maker 6.1 --> C:\Program Files\Game_Maker6\Uninstal.exe
GameSpy Arcade --> C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
GdiplusUpgrade --> MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar6.dll"
GraphCalc v4.0.1 --> "E:\Program Files\GraphCalc\unins000.exe"
Halo Zero - Version 1.8.6.3 --> E:\Program Files\Dobermann\Halo Zero\Uninstal.exe
Highway Pursuit v1.1 --> "E:\Program Files\HighwayPursuit\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Memories Disc --> MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\Hewlett-Packard\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\Hewlett-Packard\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
iPod for Windows 2005-11-17 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{8338BA06-E527-491B-9400-F51708FEE695} /l1033
iPod Reset Utility --> MsiExec.exe /X{20ED157B-1A84-4DF7-945E-4951A38A9CBA}
iTunes --> MsiExec.exe /I{B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Koko Arena 1.0 --> "C:\Program Files\Nology\Koko Arena\SETUP\setup.exe" /u
LimeWire PRO 4.12.6 --> "E:\Program Files\LimeWire\uninstall.exe"
Little Fighter 2 v1.9 --> C:\Program Files\LittleFighter2\LF2_v1.9\Uninstal.exe
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Living Beaches 1 Wallpaper --> C:\WINXP\WEB\Wallpaper\Living Beaches 1 dir\uninstall.exe
Macromedia Shockwave Player --> C:\WINXP\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINXP\system32\MACROMED\SHOCKW~1\Install.log
Magic Burning Studio v10.4.1 --> "C:\Program Files\Magic Burning Studio\unins000.exe"
Maruti Driving School Interactive CD Rom For Car Drivers (English Ver.) --> C:\WINXP\st6unst.exe -n "C:\Program Files\Mds Car English !\ST6UNST.LOG"
MediaMonkey 2.5 --> "C:\Program Files\MediaMonkey\unins000.exe"
Megaupload Toolbar --> C:\Program Files\MegauploadToolbar\uninstall.exe
Meteor Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins002.exe"
Microsoft Golf 3.0 DEMO --> c:\glf_demo\setup\setup.exe
Microsoft Office 2000 Premium --> MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5 --> MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
New SAT --> C:\WINXP\unvise32.exe C:\Program Files\The Princeton Review\Practice Test System\newsatuninstall.log
New Star Soccer 3 --> E:\Program Files\New Star Soccer 3\Uninstal.exe
NHL 2002 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF846DE0-A5F9-11D5-0089-C400C04FAE70}\setup.exe" -l0x9 Uninstall
Nicknames for MSN Messenger --> C:\Program Files\MSN Names\Uninstall.exe
Nuke Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins006.exe"
Pcsx2 0.9.1 Watermoose --> "E:\Program Files\Pcsx2\unins000.exe"
Pocket Tanks Deluxe 1.00a --> "C:\Program Files\Pocket Tanks Deluxe\unins000.exe"
Pool 'm Up --> E:\PROGRA~1\POOL'M~1\UNINSTALL\UNINSTALL.EXE E:\PROGRA~1\POOL'M~1\UNINSTALL\INSTALL.LOG
Power Pack 1.00 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins003.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Quake II Demo --> C:\WINXP\IsUninst.exe -fC:\Q2Demo\Uninst.isu
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegCure 1.2.0.4 --> E:\Program Files\RegCure\uninst.exe
Scorched3D 39.1 --> C:\Program Files\Scorched3D\uninst.exe
Screensaver Factory 4 Pro --> "E:\Program Files\Screensaver Factory 4 Pro\unins000.exe"
SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem22.inf
SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
Skype™ 3.2 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Snood for Windows version 3.0-W --> "C:\Program Files\Snood\unins000.exe"
Soldat 1.3.1 --> E:\Soldat\unins000.exe
SONIC CD Killer ! --> C:\WINXP\SCUNINST.EXE C:\WINXP\SONIC.INI
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINXP\unins000.exe"
SpywareBlaster v3.5.1 --> "E:\Program Files\SpywareBlaster\unins000.exe"
Street Bike Fury 1.0 --> "C:\Program Files\Street Bike Fury\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Uplink --> C:\WINXP\IsUninst.exe -f"C:\Program Files\Uplink\Uninst.isu"
VideoLAN VLC media player 0.8.6f --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtua Fighter 2 Demo Uninstall --> C:\WINXP\Vf2DUist.EXE C:\WINXP\VF2DEMO.INI
Virtual DJ - Atomix Productions --> E:\PROGRA~1\VIRTUA~1\UNWISE.EXE E:\PROGRA~1\VIRTUA~1\INSTALL.LOG
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
WCW Nitro PC (Demo) --> C:\WINXP\uninst.exe -f"E:\Program Files\THQ\WCW Nitro PC (Demo)\DeIsL1.isu" -c"E:\Program Files\THQ\WCW Nitro PC (Demo)\_ISREG32.DLL"
Webshots Desktop --> "E:\Program Files\Webshots\unins000.exe"
Webshots Toolbar --> E:\Program Files\Webshots\ToolbarUninstall.exe
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinASO Registry Optimizer 2.8 --> "C:\Program Files\WinASO\Registry Optimizer 2.8\unins000.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime --> "C:\WINXP\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wine Country of California --> "E:\Program Files\Wine Country Screensaver\uninstall Wine Country of California.exe"
WinPatrol --> MsiExec.exe /X{8E0D233D-8B06-47A1-BA22-3A767CCD69E3}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XIII --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB4BF4E2-89BB-44D8-8A25-404275EFD85D}\setup.exe" -l0x9
XviD 1.1 final uninstall --> "E:\Program Files\XviD\unins000.exe"
Yahoo! Anti-Spy --> C:\PROGRA~1\YAHOO!\COMMON\unypsr.exe
Yahoo! extras --> C:\PROGRA~1\YAHOO!\COMMON\unyext.exe
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
Yahoo! Search Protection --> C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZSoft Uninstaller 2.3.4 --> C:\Program Files\ZSoft\Uninstaller\uninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type3379 / Error
Event Submitted/Written: 07/21/2008 08:20:03 PM
Event ID/Source: 5 / Symantec AntiVirus
Event Description:
Threat Found!Threat: W32.SillyDC in File: C:\Program Files\WinDriveGuard\DriveGuard.exe by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Delete succeeded : Access denied. Action Description: The file was deleted successfully.

Event Record #/Type3370 / Error
Event Submitted/Written: 07/21/2008 08:15:43 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application mediamonkey.exe, version 2.5.5.996, faulting module mediamonkey.exe, version 2.5.5.996, fault address 0x0000453e.
Processing media-specific event for [mediamonkey.exe!ws!]

Event Record #/Type3347 / Error
Event Submitted/Written: 07/20/2008 04:53:41 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.7.0.43, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000105f8.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type3346 / Error
Event Submitted/Written: 07/20/2008 04:53:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application itunes.exe, version 7.7.0.43, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x000105f8.
Processing media-specific event for [itunes.exe!ws!]

Event Record #/Type3336 / Warning
Event Submitted/Written: 07/20/2008 04:33:25 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}', feature 'Fax' failed during request for component '{662E9395-9291-11D6-8707-00B0D0236D7F}'



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type47873 / Error
Event Submitted/Written: 07/22/2008 09:17:18 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Avg7Core
Avg7RsXP

Event Record #/Type47872 / Error
Event Submitted/Written: 07/22/2008 09:17:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG7 Update Service service failed to start due to the following error:
%%3

Event Record #/Type47871 / Error
Event Submitted/Written: 07/22/2008 09:17:18 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The AVG7 Alert Manager Server service failed to start due to the following error:
%%3

Event Record #/Type47870 / Error
Event Submitted/Written: 07/22/2008 09:16:21 PM / 07/22/2008 09:16:31 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type47865 / Error
Event Submitted/Written: 07/22/2008 09:14:15 PM
Event ID/Source: 11 / PlugPlayManager
Event Description:
The device Root\LEGACY_ABIAIDE\0000 disappeared from the system without first being prepared for removal.



-- End of Deckard's System Scanner: finished at 2008-07-22 21:31:15 ------------

#12
Ltangelic
    Angel Annihilator of Malware
  • Retired Staff
  • 2,008 posts
Hey global_warning,

Your logs look much better now. Just one stubborn entry to remove and some scans to do. :)

1) Use a registry script to remove the infected entry

Before doing any registry edits, please do a backup by performing the following steps:

  • Go to Start>Run and type regedit and then Enter.
  • On the left hand side of the window, ensure that My Computer is highlighted.
  • Click on File>Export and make sure that Export Range is set to All.
  • Save the file as backup.reg in C drive.
Next

Please open Notepad, and copy/paste the following text (including REGEDIT4) into the Notepad window:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]

  • Save the file above as fix.reg on the desktop.
  • Double click on it. A window will open asking if you want to merge it with the registry, click "Yes".
  • Reboot your computer

2) Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3) Scan with Kaspersky

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Next reply (please include):

Fresh HijackThis log
MBAM scan log
Kaspersky scan log
A description of how your computer is doing

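A note on the fix.reg step above, with an added example that is not part of this post or of any tool named in the thread. Entries under Active Setup\Installed Components run their StubPath command once for each user at logon, which is why they are a common persistence spot and why a stray key there is worth deleting. Before merging a .reg file that someone else wrote, it pays to read exactly what it will do, and a dry-run parser makes that mechanical. The script below only reads text and never touches the registry. The deleted key in its sample is the one from the fix above; the HKEY_CURRENT_USER\Software\Example key and its values are invented to exercise the other operations the format allows.

```python
"""Dry-run a .reg file: list what merging it would do before it is applied.

Added example for this thread, not part of any post or tool mentioned here.
It only reads text; it never touches the registry. Assumption: REGEDIT4 files
are ANSI, 'Windows Registry Editor Version 5.00' files are UTF-16LE with a BOM.
"""
import re

KEY_RE = re.compile(r"^\[(?P<delete>-?)(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')

# Constructed sample: the deleted key is the one from the fix.reg above; the
# HKEY_CURRENT_USER\Software\Example key and its values are invented.
SAMPLE_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1EC04D97-5F10-DD1B-0306-020403060503}]

[HKEY_CURRENT_USER\Software\Example]
"Enabled"=dword:00000001
"Path"="C:\\Program Files\\Example\\run.exe"
"OldValue"=-
@="default"
"""


def unescape_string(data):
    # .reg strings escape a backslash as \\ and a double quote as \" .
    return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text):
    """Return (action, key, value_name, data) tuples in file order."""
    ops = []
    current = None  # key that following value lines belong to
    for raw in text.splitlines():
        line = raw.strip()
        if (not line or line.startswith(";") or line == "REGEDIT4"
                or line.startswith("Windows Registry Editor")):
            continue
        m = KEY_RE.match(line)
        if m:
            if m["delete"]:
                ops.append(("delete_key", m["key"], None, None))
                current = None  # nothing can be set under a deleted key
            else:
                current = m["key"]
                ops.append(("create_key", current, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or current is None:
            ops.append(("unparsed", current, None, line))  # e.g. hex: continuation lines
            continue
        name = "(Default)" if m["name"] == "@" else unescape_string(m["name"])
        data = m["data"]
        if data == "-":
            ops.append(("delete_value", current, name, None))
        elif data.startswith('"') and data.endswith('"'):
            ops.append(("set_string", current, name, unescape_string(data)))
        elif data.lower().startswith("dword:"):
            ops.append(("set_dword", current, name, int(data[6:], 16)))
        else:
            ops.append(("set_other", current, name, data))  # hex:, hex(2):, ...
    return ops


def risky_ops(ops):
    """Operations on machine-wide (HKLM) keys: they need admin rights and
    affect every user, so they deserve the closest look."""
    return [op for op in ops if op[1] and op[1].upper().startswith("HKEY_LOCAL_MACHINE")]


def describe(ops):
    """One human-readable line per operation."""
    out = []
    for action, key, name, data in ops:
        line = action + " " + (key or "?")
        if name is not None:
            line += " :: " + name
        if data is not None:
            line += " = " + repr(data)
        out.append(line)
    return out


def load_reg(path):
    """Read a .reg file from disk, honouring the UTF-16 BOM of the 5.00 format."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1")


if __name__ == "__main__":
    import sys
    text = load_reg(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REG
    print("\n".join(describe(parse_reg(text))))
```

Run it with the path of the .reg file as its only argument; with no argument it describes the built-in sample. Anything reported as "unparsed" (binary hex: data spread over continuation lines, for instance) still gets merged by regedit, so read those lines by hand before clicking Yes.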

#13 global_warning

Well my computer seems to be doing OK, the 2 firefox.exe processes have
stopped running so that's good, although the Kaspersky scan picked up
quite a few infections so I guess I'm not quite out of the woods just yet :)

Here's a new HijackThis log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:08:45 PM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINXP\System32\ups.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\gAlwaysIdle\gidle.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar6.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\YAHOO!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Webshots Toolbar - {C17590D2-ECB4-4b15-8820-F58798DCC118} - E:\Program Files\Webshots\WSToolbar4IE.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar6.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [gidle] "C:\Program Files\gAlwaysIdle\gidle.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Program Files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Webshots Photo Search - res://E:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINXP\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 11316 bytes
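Reading a HijackThis log by hand is what the helper does in this thread. The following is an added example, not HijackThis code and not from any post, that automates the first pass: image names listed more than once in the process list (the two firefox.exe that started this thread), O4 autoruns with no absolute path or a path outside Windows and Program Files, O23 services whose binary is gone, and O10 LSP entries. The sample log is constructed in the format of the log above, mostly from lines like the ones posted, plus an invented [updater] entry under Application Data so the path check has something to catch. Everything it flags is a lead to verify, not a verdict: SiSPower and nwprovau.dll in the real log are legitimate.

```python
"""First-pass triage of a HijackThis v2 log.

Added example for this thread, not code from HijackThis or from any post.
Assumption: the XP layout of the log above, with C:\WINXP as the Windows dir.
"""
import re
from collections import Counter

# Where a legitimate autorun normally lives; anything else gets a second look.
TRUSTED_PREFIXES = ("c:\\winxp\\", "c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
O4_RUN_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_STARTUP_RE = re.compile(r"^O4 - (?P<where>.+?Startup): (?P<item>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<vendor>.*?) - (?P<path>.*)$")
O10_PREFIX = "O10 - Unknown file in Winsock LSP: "
# First absolute path on a command line, quoted or not, up to a PE-style extension.
PATH_RE = re.compile(r'^"?([A-Za-z]:\\.+?\.(?:exe|dll|scr|cmd|bat))"?', re.IGNORECASE)
USER_SUFFIX_RE = re.compile(r" \(User '[^']*'\)$")

# Constructed sample in the format of the log above; the [updater] line is
# invented so the out-of-place-path check has something to catch.
SAMPLE_LOG = r"""
Running processes:
C:\WINXP\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\User\Application Data\svchost.exe
O4 - .DEFAULT User Startup: WinFol.exe (User 'Default user')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O10 - Unknown file in Winsock LSP: c:\winxp\system32\nwprovau.dll
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - (no file)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


def running_processes(lines):
    """Paths listed under 'Running processes:' up to the blank line that ends it."""
    procs, in_section = [], False
    for line in lines:
        if line.strip() == "Running processes:":
            in_section = True
        elif in_section:
            if not line.strip():
                break
            procs.append(line.strip())
    return procs


def duplicate_processes(procs):
    """Image names listed more than once. XP-era browsers were one process, so two
    firefox.exe with no browser open is a lead; modern browsers are multi-process."""
    counts = Counter(p.rsplit("\\", 1)[-1].lower() for p in procs)
    return sorted(name for name, n in counts.items() if n > 1)


def executable_of(command):
    """Absolute path a command line launches, or None (bare name, '?', rundll32 ...)."""
    m = PATH_RE.match(command.strip())
    return m.group(1) if m else None


def autorun_finding(where, name, target):
    exe = executable_of(target)
    if exe is None:
        return (where, name, "no absolute path: resolve what actually runs")
    if not exe.lower().startswith(TRUSTED_PREFIXES):
        return (where, name, "runs from outside Windows/Program Files: " + exe)
    return None


def triage(log_text):
    lines = log_text.splitlines()
    findings = {"duplicate_processes": duplicate_processes(running_processes(lines)),
                "suspicious_autoruns": [], "orphan_services": [], "unknown_lsp": []}
    for line in lines:
        m = O4_RUN_RE.match(line)
        if m:
            f = autorun_finding(m["where"], m["name"], m["cmd"])
            if f:
                findings["suspicious_autoruns"].append(f)
            continue
        m = O4_STARTUP_RE.match(line)
        if m:
            item = USER_SUFFIX_RE.sub("", m["item"])
            name, _, target = item.partition(" = ")  # "x.lnk = target" or a bare item
            f = autorun_finding(m["where"], name, target or name)
            if f:
                findings["suspicious_autoruns"].append(f)
            continue
        m = O23_RE.match(line)
        if m and m["path"] == "(no file)":
            findings["orphan_services"].append(m["svc"])
        elif line.startswith(O10_PREFIX):
            findings["unknown_lsp"].append(line[len(O10_PREFIX):])
    return findings
```

Call `triage()` on the text of a saved log; each list in the result is a set of entries to look up, not something to delete blindly. The process-duplicate check in particular is tied to the single-process browsers of 2008.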

#14 global_warning

Here's the MBAM log:-

Malwarebytes' Anti-Malware 1.22
Database version: 984
Windows 5.1.2600 Service Pack 2

9:46:33 PM 7/23/2008
mbam-log-7-23-2008 (21-46-33).txt

Scan type: Quick Scan
Objects scanned: 46436
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearc...com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearc...com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearc...q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearc...q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINXP\system32\824223 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\MAULIK\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAULIK\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAULIK\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\MAULIK\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINXP\Explorer.sav (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



Here's the Kaspersky log:-

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, July 24, 2008 12:03:37 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/07/2008
Kaspersky Anti-Virus database records: 1001351
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 94251
Number of viruses found: 14
Number of infected objects: 31
Number of suspicious objects: 0
Duration of the scan process: 01:31:09

Infected Object Name / Virus Name / Last Action
C:\Program Files\DAP\DAPIEBar.dll Infected: not-a-virus:AdWare.Win32.Dap.d skipped
C:\Program Files\iWin Games\iWinGamesHookIE.dll Infected: not-a-virus:AdWare.Win32.AdMedia.g skipped
C:\Documents And Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents And Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000.VBN/avenger/WinNB58.dll Infected: not-a-virus:AdWare.Win32.Mirar.k skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000.VBN ZIP: infected - 1 skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000.VBN CryptZ: infected - 1 skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0001.VBN Infected: not-virus:Hoax.Win32.Agent.ct skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN/script.au3 Infected: Worm.Win32.AutoIt.ar skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN Embedded: infected - 1 skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN CryptZ: infected - 1 skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents And Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents And Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents And Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents And Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents And Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents And Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents And Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents And Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents And Settings\MAULIK\ntuser.dat Object is locked skipped
C:\Documents And Settings\MAULIK\NTUSER.DAT.LOG Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\Temp\~DF1B13.tmp Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\History\History.IE5\MSHist012008072420080725\index.dat Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents And Settings\MAULIK\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents And Settings\MAULIK\Cookies\index.dat Object is locked skipped
C:\Deckard\System Scanner\20080722212824\backup\WINXP\Downloaded Program Files\ipcwt3w.dll Infected: not-a-virus:AdWare.Win32.Zhongsou.d skipped
C:\Deckard\System Scanner\20080722212824\backup\WINXP\Downloaded Program Files\v3f1nw.dll Infected: not-a-virus:AdWare.Win32.Zhongsou.d skipped
C:\Deckard\System Scanner\20080722212824\backup\WINXP\Downloaded Program Files\nj6rirx.dll Infected: not-a-virus:AdWare.Win32.Zhongsou.d skipped
C:\WINXP\system32\config\system.LOG Object is locked skipped
C:\WINXP\system32\config\software.LOG Object is locked skipped
C:\WINXP\system32\config\default.LOG Object is locked skipped
C:\WINXP\system32\config\SECURITY Object is locked skipped
C:\WINXP\system32\config\SAM.LOG Object is locked skipped
C:\WINXP\system32\config\SECURITY.LOG Object is locked skipped
C:\WINXP\system32\config\AppEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SecEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SysEvent.Evt Object is locked skipped
C:\WINXP\system32\config\SAM Object is locked skipped
C:\WINXP\system32\config\SYSTEM Object is locked skipped
C:\WINXP\system32\config\SOFTWARE Object is locked skipped
C:\WINXP\system32\config\DEFAULT Object is locked skipped
C:\WINXP\system32\config\Internet.evt Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINXP\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINXP\system32\h323log.txt Object is locked skipped
C:\WINXP\Debug\PASSWD.LOG Object is locked skipped
C:\WINXP\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINXP\WindowsUpdate.log Object is locked skipped
C:\WINXP\Sti_Trace.log Object is locked skipped
C:\WINXP\wiaservc.log Object is locked skipped
C:\WINXP\wiadebug.log Object is locked skipped
C:\WINXP\SchedLgU.Txt Object is locked skipped
C:\WINXP\distro_SelectRebatesSetup_um1001.exe Infected: Trojan-Spy.Win32.Agent.aan skipped
C:\System Volume Information\_restore{E25051FD-5C06-4924-91A0-B8B98D9D198F}\RP441\change.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\07222008_211413\WINXP\system32\SecSystem.exe Infected: Backdoor.Win32.Poison.dzd skipped
C:\_OTMoveIt\MovedFiles\07222008_211413\Documents and Settings\RCMISHRA\Application Data\RSecSystem.exe Infected: Backdoor.Win32.Poison.dzd skipped
D:\My Music\latest\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
D:\My Music\Incomplete\Preview-T-3200824-07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
E:\downloads1\sdsetup.exe/file60 Infected: Trojan-Downloader.Win32.Delf.gcy skipped
E:\downloads1\sdsetup.exe Inno: infected - 1 skipped
E:\downloads1\ssf-snr-a-setup4257_1870058492.exe/file13 Infected: Trojan-Clicker.Win32.Small.tl skipped
E:\downloads1\ssf-snr-a-setup4257_1870058492.exe Inno: infected - 1 skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer skipped
E:\New Folder\Install-MSN-Names.exe NSIS: infected - 9 skipped

Scan process completed.
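The Kaspersky report above mixes three kinds of line, and only one of them needs action: "Object is locked" is an in-use system file, hits inside a quarantine or backup folder (the Symantec Quarantine, the Deckard backup, _OTMoveIt\MovedFiles) are copies another tool has already isolated, and the "not-a-virus:" prefix marks adware rather than a live infection. The script below, an added example that is not Kaspersky's code and not part of any post, sorts a report into those buckets and produces the per-file list a helper would paste into a removal tool. Its sample is constructed from a handful of lines in the report format above. Listing files rather than folders is deliberate: moving a whole folder such as E:\downloads1 also removes whatever else it contains.

```python
"""Sort a Kaspersky Online Scanner report into what actually needs action.

Added example for this thread; not code from Kaspersky or from any post above.
The sample report is constructed from lines in the format seen in the thread,
trimmed to one line per case the classifier handles.
"""
import re

REPORT_LINE_RE = re.compile(
    r"^(?P<obj>.+?) "
    r"(?:Infected: (?P<threat>\S+)|(?P<locked>Object is locked)|(?P<container>\S+): infected - \d+) "
    r"skipped$"
)
# Directories whose contents another tool has already isolated; a hit here is a
# left-over copy, not a live infection (assumption: the quarantine and backup
# locations used by the tools in this thread).
CONTAINED_DIRS = (
    "\\quarantine\\",
    "\\deckard\\system scanner\\",
    "\\_otmoveit\\movedfiles\\",
    "\\system volume information\\",
)
PUA_PREFIXES = ("not-a-virus:", "not-virus:")

SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Program Files\DAP\DAPIEBar.dll Infected: not-a-virus:AdWare.Win32.Dap.d skipped
C:\WINXP\system32\config\SAM Object is locked skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN/script.au3 Infected: Worm.Win32.AutoIt.ar skipped
C:\Documents And Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01180000.VBN Embedded: infected - 1 skipped
C:\_OTMoveIt\MovedFiles\07222008_211413\WINXP\system32\SecSystem.exe Infected: Backdoor.Win32.Poison.dzd skipped
C:\WINXP\distro_SelectRebatesSetup_um1001.exe Infected: Trojan-Spy.Win32.Agent.aan skipped
D:\My Music\latest\07 Track 7.wma Infected: Trojan-Downloader.WMA.Wimad.l skipped
E:\downloads1\sdsetup.exe/file60 Infected: Trojan-Downloader.Win32.Delf.gcy skipped
E:\downloads1\sdsetup.exe Inno: infected - 1 skipped
E:\New Folder\Install-MSN-Names.exe/stream/data0006/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
E:\New Folder\Install-MSN-Names.exe NSIS: infected - 9 skipped

Scan process completed.
"""


def outer_file(obj):
    """Archive members are written as 'C:\\a.exe/inner/path'; the thing on disk
    is everything before the first '/'."""
    return obj.split("/", 1)[0]


def is_contained(path):
    low = path.lower()
    return any(d in low for d in CONTAINED_DIRS)


def triage_report(report_text):
    result = {"locked": 0, "contained": [], "pua": [], "actionable": []}
    seen = set()
    for line in report_text.splitlines():
        m = REPORT_LINE_RE.match(line)
        if not m:
            continue  # headers, statistics, blank lines
        if m["locked"]:
            result["locked"] += 1  # in-use system files: noise, not a detection
            continue
        if m["container"]:
            continue  # per-archive summary; the member line already reported it
        path = outer_file(m["obj"])
        if path in seen:
            continue
        seen.add(path)
        if is_contained(path):
            result["contained"].append(path)
        elif m["threat"].startswith(PUA_PREFIXES):
            result["pua"].append(path)
        else:
            result["actionable"].append((path, m["threat"]))
    return result


def move_list(result):
    """Files for a removal list: live detections plus adware components, one
    per line. Files already in a quarantine stay where they are; empty that
    quarantine with its own tool instead."""
    return [p for p, _ in result["actionable"]] + result["pua"]


if __name__ == "__main__":
    summary = triage_report(SAMPLE_REPORT)
    print("locked (ignored):", summary["locked"])
    print("already contained:", *summary["contained"], sep="\n  ")
    print("removal list:", *move_list(summary), sep="\n  ")
```

Feed it the saved report text; the "contained" bucket is the one people most often act on unnecessarily, since re-moving a quarantined file just creates a second copy for the next scanner to find.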

#15 Ltangelic

Hey global_warning,

It seems that you have cracking applications on your computer. They can compromise your computer's security and bring in lots of malware, so please refrain from using these applications in the future.

Your logs look much better now. :) Just a few more files to clear up.

1) Use OTMoveIt2 to remove bad files

  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]C:\Program Files\iWin Games\iWinGamesHookIE.dll
    C:\Program Files\DAP\DAPIEBar.dll 
    C:\WINXP\distro_SelectRebatesSetup_um1001.exe
    D:\My Music\Incomplete\Preview-T-3200824-07 Track 7.wma 
    E:\downloads1
    E:\New Folder
    purity
    emptytemp
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

2) Scan with DrWeb.CureIt

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

3) Update Adobe Reader

Please uninstall the current version of Adobe you have and go here to install the latest version.

Next reply (please include):

Fresh HijackThis log
OTMoveIt2 log
DrWeb.CureIt scan log
