Wont show hidden files and folders

**sungod000** · #1 02-04-2008, 12:01 AM

I have this strange thing happening. I'm using Windows XP. In Windows Explorer, in the Tools, Folder Options dialog box, when I select "Show hidden files and folders", then click Apply and OK, the hidden files and folders are not shown. When I go back into the dialog box, the option is not selected anymore. Instead it reverts back to "Do not show hidden files and folders".

I quickly searched online and people are saying its a virus. I scanned the PC with Avast Antivirus, Eset Online, Trend Micro Housecall Online, Defender, AVG Anti Virus, Spybot, Ad-aware, Super Antispyware, Rougeremover.

Besides tracking cookies, Avast was the only scan to find something. I used the "Delete" option when I was asked what to do. After the scans, the problem still occurs.

I posted the Avast and Hijack this log below. Hope you can hlep. Thanks!

31/03/2008 5:26:12 PM SYSTEM 580 Sign of "Win32:AutoRun-IC" has been found in "C:\WINDOWS\system32\40DC34F1.EXE\[NsPack]" file.
31/03/2008 5:30:28 PM user 3304 Sign of "Win32:AutoRun-IC" has been found in "c:\auto.exe\[NsPack]" file.
31/03/2008 5:33:32 PM user 3304 Sign of "Win32:AutoRun-IC" has been found in "c:\windows\system32\40dc34f1.exe\[NsPack]" file.
31/03/2008 5:33:55 PM user 3304 Sign of "Win32:AutoRun-IC" has been found in "e:\auto.exe\[NsPack]" file.
31/03/2008 5:34:03 PM user 3304 Sign of "Win32:AutoRun-IC" has been found in "f:\auto.exe\[NsPack]" file.
31/03/2008 8:54:57 PM user 3348 Sign of "Win32:Delf-HOX [Trj]" has been found in "E:\RECYCLER\S-1-5-21-515967899-484763869-725345543-1003\Df84.zip\Crack\Installation keygen.exe" file.
31/03/2008 8:57:56 PM user 3348 Sign of "Win32:Keygen-AR [Trj]" has been found in "E:\RECYCLER\S-1-5-21-515967899-484763869-725345543-1003\Df95.zip\Norton Ghost 9\CRACK FOR GHOST 9\SSG-NG90.EXE" file.
01/04/2008 7:44:57 PM SYSTEM 752 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
01/04/2008 7:44:57 PM SYSTEM 752 An error has occured while attempting to update. Please check the logs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:46 PM, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1206988747653
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5707 bytes

**evilfantasy** · #2 02-04-2008, 12:26 AM

Are you logged on as an administrator?

Cracks are packed with some of the worst forms of spyware and virus that can be found besides the fact they are illegal.

Open Hijackthis and select Do a system scan only then place a check mark next to:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es

Now click Fix checked.

----------

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard).
Finally add the contents of the Report.txt in your next post.

----------

Please download Malwarebytes' Anti-Malware (MBAM) to your desktop from either of these two links.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad.
Please copy and paste the log into your next reply

Note: If you accidentally close the log it can be retrieved at any time from the Malwarebytes' Anti-Malware main screen.

Launch Malwarebytes' Anti-Malware.
Click the Logs tab.
Double-click log-mm.dd.yyyy [xxxxxx].txt

----------

Download HostsXpert

Unzip HostXpert to your desktop
Open up the HostXpert program.
Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
Click Create Back Up
Then click on Restore Microsoft's Host Files
Close the HostXpert program

Note: If you were using a custom Hosts file you will need to replace any of those entries yourself as well as run Spybots Immunize and enable all protection in SpywareBlaster.

----------

Reset Web Settings & Default Security Settings

Note for IE 7 users:

Select Internet Options, then the Advanced Tab and then the Reset button under Reset Internet Explorer Settings.

Note for IE 6 users:

To Reset Web Settings:

Right click on your desktop Internet Explorer icon and select Properties.
Click the Programs tab and then click Reset Web Settings.
Now go back to the General tab and set your home page address to something useful like www.computer-juice.com
Click Apply.
Next click Delete Cookies, Click Delete Files and select Delete all offline content.
Click OK > OK

If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.computer-juice.com
Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK

To Reset Default Security Settings:

Right click on your desktop Internet Explorer icon and select Properties
Then click the Security tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.
For IE 7 users, simply click the "Reset all zones to default level" button.

----------

Now run a new Hijackthis scan and post that log along with the SDfix and MBAM log.

----------

Next post
SDFix log
MBAM log

**sungod000** · #3 02-04-2008, 02:10 AM

Hey thanks. I'm not logged on as administrator, but the account has admin rights.

Edit: Forgot to mention, the problem still exists.

Here are the logs:

SDFix: Version 1.165

Run by user on 01/04/2008 at 09:11 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 21:15:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Reinstall\D\n\21]
"DisplayName"="\xb973\x7792"
"DeviceDesc"="\xb973\x7792"
"ProviderName"="\x27fc\21\xee18\x7c90\x286c\21 \b"
"MFG"="\xc1bf\b\xe12b\x1803\x63c"
"ReinstallString"=".10.1000.8"
"DeviceInstanceIds"=str(7):"d:\drivers\chipset\xp\ sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 31 Mar 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!

Malwarebytes' Anti-Malware 1.10
Database version: 581

Scan type: Full Scan (A:\|C:\|E:\|F:\|)
Objects scanned: 71207
Time elapsed: 42 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:50 PM, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hamachi\hamachi.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\Sniper.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1206988747653
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4926 bytes

**evilfantasy** · #4 02-04-2008, 03:05 AM

try this.

http://www.majorgeeks.com/RRT_Remove...ool_d5635.html

**sungod000** · #5 02-04-2008, 10:48 AM

It didn't work.

**evilfantasy** · #6 02-04-2008, 03:42 PM

For restoring the registry settings, follow the steps given below.

Enable your folder options in explorer

1. Go to Start > RUN
2. Type regedit and press enter.
3. Go to HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Policies > Explorer
4. On the right side of the screen, you can see some registry entry names, out of them, right-click on NoFolderOptions and click Modify option.
5. A new small screen pops up, on this screen, set the value data field as 0 (zero). Press OK.
6. Reboot the computer.

If you don’t want to play with the registry yourself , you can also download the registry file and double click it to add it to the registry.

----------

If that still doesn't work.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

**sungod000** · #7 04-04-2008, 02:50 PM

Hi, the registry setting was already set to '0', so I went on to the second instruction. Here are the logs:

Deckard's System Scanner v20071014.68
Run by user on 2008-04-04 10:41:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
11: 2008-04-04 14:41:20 UTC - RP35 - Deckard's System Scanner Restore Point
10: 2008-04-04 01:26:43 UTC - RP34 - Software Distribution Service 3.0
9: 2008-04-02 14:08:06 UTC - RP33 - Software Distribution Service 3.0
8: 2008-04-02 11:20:13 UTC - RP32 - Installed Adobe Photoshop
7: 2008-04-02 02:19:36 UTC - RP31 - Installed Microsoft Office Professional Edition 2003

-- First Restore Point --
1: 2008-04-01 00:51:35 UTC - RP25 - Installed SUPERAntiSpyware Free Edition

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as user.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:54 AM, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\user.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1206988747653
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5465 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080401-210036-276 O1 - Hosts: 66.98.148.65 auto.search.msn.com
backup-20080401-210036-754 O1 - Hosts: 66.98.148.65 auto.search.msn.es

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 MDC8021X (AEGIS Protocol (IEEE 802.1x) v2.3.1.9) - c:\windows\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
R3 MRVW245 (Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)) - c:\windows\system32\drivers\mrvw245.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S1 SASKUTIL - c:\program files\superantispyware\saskutil.sys (file missing)
S3 catchme - c:\docume~1\user\locals~1\temp\catchme.sys (file missing)
S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\progra~1\belkin\belkin~1.11g\dnindis5.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper - "c:\program files\diskeeper corporation\diskeeper\dkservice.exe" <Not Verified; Diskeeper Corporation; Diskeeper (TM) Disk Defragmenter>

S4 Mupe8anndsvp -

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2008-04-04 09:38:13 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job

-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-02 07:23:33 0 d-------- C:\WINDOWS\Easy CD-DA Extractor
2008-04-02 07:23:33 0 d-------- C:\Program Files\Easy CD-DA Extractor 10
2008-04-02 07:21:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-02 07:21:37 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-04-02 07:20:13 0 d-------- C:\Program Files\Common Files\Adobe
2008-04-01 22:24:39 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-01 22:24:39 47360 --a------ C:\Documents and Settings\user\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-04-01 22:24:38 0 d-------- C:\Documents and Settings\user\Application Data\Vso
2008-04-01 22:24:34 0 d-------- C:\Program Files\DVDFab Platinum 4
2008-04-01 22:20:41 0 d-------- C:\Program Files\Common Files\L&H
2008-04-01 22:20:26 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-04-01 22:20:13 0 d-------- C:\Program Files\Microsoft Works
2008-04-01 22:19:48 0 d-------- C:\WINDOWS\SHELLNEW
2008-04-01 22:19:44 0 d-------- C:\Program Files\Microsoft.NET
2008-04-01 22:12:20 0 d-------- C:\Program Files\PowerISO
2008-04-01 21:19:34 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-04-01 21:19:27 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-01 21:19:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-01 21:08:15 0 d-------- C:\WINDOWS\ERUNT
2008-04-01 20:35:18 89184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys <Not Verified; Ahead Software AG and its licensors; NERO IMAGEDRIVE>
2008-04-01 20:35:08 38912 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2008-04-01 20:35:08 544768 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2008-04-01 20:35:08 569344 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2008-04-01 20:35:07 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2008-04-01 20:35:07 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-01 20:35:04 0 d-------- C:\Program Files\Ahead
2008-04-01 20:26:43 0 d-------- C:\WINDOWS\system32\appmgmt
2008-04-01 20:22:34 208896 --a------ C:\WINDOWS\CMDLIC.DLL <Not Verified; COMODO; COMODO BOClean - AntiMalware>
2008-04-01 20:22:28 0 d-------- C:\Documents and Settings\All Users\Application Data\BOC425
2008-04-01 20:22:21 0 d-------- C:\Program Files\Comodo
2008-04-01 18:10:49 0 d-------- C:\Program Files\Trend Micro
2008-04-01 18:07:04 0 d-------- C:\Program Files\RogueRemover FREE
2008-04-01 15:19:05 0 d-------- C:\Documents and Settings\user\.housecall6.6
2008-04-01 15:18:55 0 d-------- C:\WINDOWS\Sun
2008-04-01 15:17:59 0 d-------- C:\Program Files\Java
2008-04-01 15:17:58 0 d-------- C:\Program Files\Common Files\Java
2008-04-01 15:17:37 0 d-------- C:\Documents and Settings\user\Application Data\Sun
2008-04-01 15:16:29 0 d-------- C:\Documents and Settings\user\Application Data\Macromedia
2008-04-01 15:16:29 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-04-01 15:16:21 1158 --a------ C:\WINDOWS\mozver.dat
2008-04-01 03:18:11 0 d-------- C:\temp
2008-04-01 03:18:10 0 d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-03-31 21:28:38 0 d-------- C:\Program Files\ASUS
2008-03-31 21:00:42 0 d-------- C:\Program Files\CCleaner
2008-03-31 20:54:37 0 d-------- C:\Program Files\Foxit Software
2008-03-31 20:51:41 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-31 20:51:36 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-31 20:51:36 0 d-------- C:\Documents and Settings\user\Application Data\SUPERAntiSpyware.com
2008-03-31 20:46:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-31 20:45:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-31 20:43:29 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-31 20:42:28 0 d-------- C:\Program Files\Windows Defender
2008-03-31 17:36:41 0 d--hs---- C:\Diskeeper
2008-03-31 17:24:06 0 d-------- C:\Program Files\Alwil Software
2008-03-31 17:16:47 9908256 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-31 17:14:29 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-03-31 17:14:25 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-31 17:14:17 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-03-31 17:14:02 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-31 17:13:35 0 d-------- C:\WINDOWS\Internet Logs
2008-03-31 16:58:38 0 d-------- C:\Program Files\Diskeeper Corporation
2008-03-31 16:07:18 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-31 16:07:16 0 d-------- C:\Documents and Settings\user\Application Data\Mozilla
2008-03-31 15:50:50 0 d-------- C:\Program Files\MSXML 6.0
2008-03-31 15:11:13 0 d-------- C:\Program Files\MSBuild
2008-03-31 15:09:08 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-03-31 15:08:28 0 d-------- C:\Program Files\Reference Assemblies
2008-03-31 15:05:51 0 d-------- C:\Program Files\Windows Media Connect 2
2008-03-31 15:05:12 0 d-------- C:\WINDOWS\system32\LogFiles
2008-03-31 15:05:12 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-31 15:01:51 0 d-------- C:\WINDOWS\RegisteredPackages
2008-03-31 14:59:34 0 d-------- C:\WINDOWS\system32\URTTEMP
2008-03-31 14:50:17 0 d-------- C:\Documents and Settings\user\Application Data\Hamachi
2008-03-31 14:50:02 0 d-------- C:\Program Files\Hamachi
2008-03-31 14:44:49 0 d-------- C:\WINDOWS\system32\PreInstall
2008-03-31 14:44:47 0 d--h----- C:\WINDOWS\$hf_mig$
2008-03-31 14:39:31 0 d-------- C:\WINDOWS\system32\SoftwareDistribution
2008-03-31 14:39:02 0 d---s---- C:\Documents and Settings\user\UserData
2008-03-31 14:36:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-03-31 14:32:04 0 d-------- C:\WINDOWS\usbdevice
2008-03-31 14:32:04 461952 --a------ C:\WINDOWS\system32\drivers\MRVW245.sys <Not Verified; Marvell Semiconductor, Inc; Device driver for Marvell 802.11n NIC>
2008-03-31 14:32:01 0 d-------- C:\Program Files\D-Link
2008-03-30 00:48:09 15781 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 2.3.1.9>
2008-03-30 00:48:08 17149 --a------ C:\WINDOWS\system32\DNINDIS5.SYS <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-30 00:48:08 94208 --a------ C:\WINDOWS\system32\DNIN50.DLL <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-03-30 00:13:30 0 d-------- C:\WINDOWS\OPTIONS
2008-03-30 00:13:09 0 d-------- C:\Documents and Settings\user\Application Data\ATI
2008-03-30 00:12:43 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-03-30 00:04:48 307200 -ra------ C:\WINDOWS\system32\atiiiexx.dll <Not Verified; ATI Technologies Inc.; ATI Display Driver Utilities>
2008-03-30 00:04:46 368640 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll <Not Verified; Advanced Micro Devices, Inc.; Catalyst® Control Centre>
2008-03-30 00:04:43 887724 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-03-30 00:04:42 3107788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-03-30 00:04:41 3107788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-03-30 00:04:41 160289 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-03-30 00:04:16 0 d-------- C:\Program Files\ATI Technologies
2008-03-30 00:01:40 0 d-------- C:\WINDOWS\system32\ReinstallBackups
2008-03-30 00:01:35 0 d------c- C:\WINDOWS\system32\DRVSTORE
2008-03-30 00:01:33 0 d-------- C:\Program Files\AMD
2008-03-30 00:01:29 0 d-------- C:\Documents and Settings\user\Application Data\InstallShield
2008-03-30 00:01:11 0 d-------- C:\WINDOWS\system32\Lang
2008-03-29 23:58:47 0 d-------- C:\WINDOWS\ASUSInstAll
2008-03-29 23:58:41 49152 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-03-29 23:58:26 0 d-------- C:\WINDOWS\system32\RTCOM
2008-03-29 23:57:37 0 d-------- C:\Program Files\Realtek
2008-03-29 23:57:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-29 23:57:34 520192 -r------- C:\WINDOWS\RtlExUpd.dll <Not Verified; Realtek Semiconductor Corp.; RtlExUpd Dynamic Link Library>
2008-03-29 23:57:34 315392 --a------ C:\WINDOWS\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-03-29 23:57:30 0 d-------- C:\Program Files\Common Files\InstallShield
2008-03-29 23:31:44 0 d-------- C:\Documents and Settings\user\Application Data\Identities
2008-03-29 23:31:38 0 d--h----- C:\Documents and Settings\user\Templates
2008-03-29 23:31:38 0 dr------- C:\Documents and Settings\user\Start Menu
2008-03-29 23:31:38 0 dr-h----- C:\Documents and Settings\user\SendTo
2008-03-29 23:31:38 0 dr-h----- C:\Documents and Settings\user\Recent
2008-03-29 23:31:38 0 d--h----- C:\Documents and Settings\user\PrintHood
2008-03-29 23:31:38 0 d--h----- C:\Documents and Settings\user\NetHood
2008-03-29 23:31:38 0 dr------- C:\Documents and Settings\user\My Documents
2008-03-29 23:31:38 0 d--h----- C:\Documents and Settings\user\Local Settings
2008-03-29 23:31:38 0 dr------- C:\Documents and Settings\user\Favorites
2008-03-29 23:31:38 0 d-------- C:\Documents and Settings\user\Desktop
2008-03-29 23:31:38 0 d---s---- C:\Documents and Settings\user\Cookies
2008-03-29 23:31:38 0 dr-h----- C:\Documents and Settings\user\Application Data
2008-03-29 23:31:37 2883584 --ah----- C:\Documents and Settings\user\NTUSER.DAT
2008-03-29 23:30:48 0 d-------- C:\WINDOWS\SoftwareDistribution
2008-03-29 23:30:46 0 d-------- C:\WINDOWS\Prefetch
2008-03-29 23:30:45 0 d---s---- C:\WINDOWS\system32\Microsoft
2008-03-29 23:30:45 0 d--h----- C:\Documents and Settings\LocalService\Local Settings
2008-03-29 23:30:45 0 d---s---- C:\Documents and Settings\LocalService\Cookies
2008-03-29 23:30:45 0 d-------- C:\Documents and Settings\LocalService\Application Data
2008-03-29 23:30:45 0 d---s---- C:\Documents and Settings\LocalService\Application Data\Microsoft
2008-03-29 23:30:44 262144 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT
2008-03-29 23:30:27 225280 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT
2008-03-29 23:30:27 0 d--h----- C:\Documents and Settings\NetworkService\Local Settings
2008-03-29 23:30:27 0 d---s---- C:\Documents and Settings\NetworkService\Cookies
2008-03-29 23:30:27 0 d-------- C:\Documents and Settings\NetworkService\Application Data
2008-03-29 23:30:27 0 d---s---- C:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-03-29 23:27:10 0 d-------- C:\WINDOWS\system32\xircom
2008-03-29 23:27:10 0 d-------- C:\Program Files\microsoft frontpage
2008-03-29 23:27:01 225280 ---h----- C:\Documents and Settings\Default User\NTUSER.DAT
2008-03-29 23:26:52 0 -rahs---- C:\MSDOS.SYS
2008-03-29 23:26:52 0 -rahs---- C:\IO.SYS
2008-03-29 23:26:52 0 --a------ C:\CONFIG.SYS
2008-03-29 23:26:52 0 --a------ C:\AUTOEXEC.BAT
2008-03-29 23:26:00 0 d--hs---- C:\Documents and Settings\All Users\DRM
2008-03-29 23:25:51 0 dr------- C:\WINDOWS\Offline Web Pages
2008-03-29 23:25:51 0 d---s---- C:\WINDOWS\Downloaded Program Files
2008-03-29 23:25:41 0 d--h----- C:\Program Files\WindowsUpdate
2008-03-29 23:25:13 0 d-------- C:\WINDOWS\system32\DirectX
2008-03-29 23:24:15 0 d---s---- C:\WINDOWS\Tasks
2008-03-29 23:24:14 0 d-------- C:\Program Files\Common Files\MSSoap
2008-03-29 23:24:06 0 d-------- C:\WINDOWS\srchasst
2008-03-29 23:24:05 0 d-------- C:\WINDOWS\system32\Macromed
2008-03-29 23:23:51 0 d-------- C:\Program Files\Movie Maker
2008-03-29 23:23:37 0 d-------- C:\WINDOWS\system32\Restore
2008-03-29 23:22:50 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-03-29 23:22:33 0 d-------- C:\WINDOWS\Registration
2008-03-29 23:22:25 0 d-------- C:\Program Files\Online Services
2008-03-29 23:22:18 0 d-------- C:\Program Files\Messenger
2008-03-29 23:22:13 0 d-------- C:\Program Files\MSN Gaming Zone
2008-03-29 23:21:17 0 d-------- C:\Program Files\Windows NT
2008-03-29 23:21:11 0 d-------- C:\WINDOWS\system32\MsDtc
2008-03-29 23:21:08 0 d-------- C:\WINDOWS\system32\Com
2008-03-29 18:15:35 0 d--hs---- C:\WINDOWS\Installer
2008-03-29 18:15:34 0 d-------- C:\Program Files\Common Files\ODBC
2008-03-29 18:15:29 0 d-------- C:\Program Files\Common Files\SpeechEngines
2008-03-29 18:15:28 0 dr------- C:\Program Files
2008-03-29 18:15:28 0 d-------- C:\Program Files\Common Files
2008-03-29 18:14:51 0 d--h----- C:\Documents and Settings\Default User\Templates
2008-03-29 18:14:51 0 dr------- C:\Documents and Settings\Default User\Start Menu
2008-03-29 18:14:51 0 dr-h----- C:\Documents and Settings\Default User\SendTo
2008-03-29 18:14:51 0 d--h----- C:\Documents and Settings\Default User\Recent
2008-03-29 18:14:51 0 d--h----- C:\Documents and Settings\Default User\PrintHood
2008-03-29 18:14:51 0 d--h----- C:\Documents and Settings\Default User\NetHood
2008-03-29 18:14:51 0 d-------- C:\Documents and Settings\Default User\My Documents
2008-03-29 18:14:51 0 dr-h----- C:\Documents and Settings\Default User\Local Settings
2008-03-29 18:14:51 0 d-------- C:\Documents and Settings\Default User\Favorites
2008-03-29 18:14:51 0 d-------- C:\Documents and Settings\Default User\Desktop
2008-03-29 18:14:51 0 d---s---- C:\Documents and Settings\Default User\Cookies
2008-03-29 18:14:51 0 d--h----- C:\Documents and Settings\All Users\Templates
2008-03-29 18:14:51 0 dr------- C:\Documents and Settings\All Users\Start Menu
2008-03-29 18:14:51 0 d-------- C:\Documents and Settings\All Users\Favorites
2008-03-29 18:14:51 0 dr------- C:\Documents and Settings\All Users\Documents
2008-03-29 18:14:51 0 d-------- C:\Documents and Settings\All Users\Desktop
2008-03-29 18:14:35 0 d-------- C:\WINDOWS\system32\CatRoot2
2008-03-29 18:14:35 0 d-------- C:\WINDOWS\system32\CatRoot
2008-03-29 18:14:29 0 dr-h----- C:\Documents and Settings\Default User\Application Data
2008-03-29 18:14:29 0 d---s---- C:\Documents and Settings\Default User\Application Data\Microsoft
2008-03-29 18:14:29 0 dr-h----- C:\Documents and Settings\All Users\Application Data
2008-03-29 18:14:29 0 d---s---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-03-29 18:13:54 0 d--hs---- C:\System Volume Information
2008-03-29 18:13:54 0 d-------- C:\Documents and Settings
2008-03-29 18:07:41 0 d-------- C:\WINDOWS
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\WinSxS
2008-03-29 18:07:41 0 dr------- C:\WINDOWS\Web
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\twain_32
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\wins
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\wbem
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\usmt
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\spool
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\ShellExt
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\Setup
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\ras
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\oobe
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\npp
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\mui
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\inetsrv
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\IME
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\icsxml
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\ias
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\export
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\drivers
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\drivers\etc
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\drivers\disdn
2008-03-29 18:07:41 0 dr-hs--c- C:\WINDOWS\system32\dllcache
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\dhcp
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\config
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\3com_dmi
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\3076
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\2052
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1054
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1042
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1041
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1037
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1033
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1031
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1028
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system32\1025
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\system
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\security
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Resources
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\repair
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Provisioning
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\PeerNet
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\pchealth
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\mui
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\msapps
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\msagent
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Media
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\java
2008-03-29 18:07:41 0 d--h----- C:\WINDOWS\inf
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\ime
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Help
2008-03-29 18:07:41 0 dr--s---- C:\WINDOWS\Fonts
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\ehome
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Driver Cache
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Debug
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Cursors
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Connection Wizard
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\Config
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\AppPatch
2008-03-29 18:07:41 0 d-------- C:\WINDOWS\addins

-- Find3M Report ---------------------------------------------------------------

2008-04-01 22:24:45 34 --a------ C:\Documents and Settings\user\Application Data\pcouffin.log
2008-04-01 22:24:39 1144 --a------ C:\Documents and Settings\user\Application Data\pcouffin.inf
2008-04-01 22:24:39 7887 --a------ C:\Documents and Settings\user\Application Data\pcouffin.cat
2008-03-29 18:14:51 62 --ahs---- C:\Documents and Settings\user\Application Data\desktop.ini

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [24/10/2007 11:57 PM C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [03/05/2005 06:43 AM C:\WINDOWS\Alcmtr.exe]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [04/10/2006 12:38 PM]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [13/03/2008 11:11 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp. exe" [29/03/2008 02:37 PM]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [03/11/2006 07:20 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25 AM]
"BOC-425"="C:\PROGRA~1\Comodo\CBOClean\BOC425.exe" [26/11/2007 10:38 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.e xe" [09/07/2001 10:50 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 12:56 PM]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [31/03/2008 2:50:02 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [02/04/2008 7:21:14 AM]
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe [31/03/2008 2:32:01 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoFolderOptions"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\D]
AutoRun\command- D:\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\E]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\F]
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\explorer\mountpoints2\{8fc56bc1-fe12-11dc-a3d0-001fc620abf2}]
Auto\command- G:\auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8073 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2008-04-04 10:42:39 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 1791.16 MiB / 1307.35 MiB
Pagefile Memory (total/avail): 3685.77 MiB / 3359.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.2 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.28 GiB total, 30.07 GiB free.
D: is Fixed (NTFS) - 186.31 GiB total, 101.07 GiB free.
E: is Fixed (NTFS) - 279.46 GiB total, 91.04 GiB free.
F: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - MAXTOR 6L040J2 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.28 GiB - C:

\\.\PHYSICALDRIVE2 - ST320082 6A SCSI Disk Device - 186.31 GiB - 1 partition
\PARTITION0 - Installable File System - 186.31 GiB - D:

\\.\PHYSICALDRIVE1 - ST330083 1A SCSI Disk Device - 279.46 GiB - 1 partition
\PARTITION0 - Installable File System - 279.46 GiB - E:

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Firewall v7.0.470.000 (Check Point, LTD.) Disabled
AV: avast! antivirus 4.8.1169 [VPS 080404-0] v4.8.1169 (ALWIL Software) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\DomainProfile\Authoriz edApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAcces s\Parameters\FirewallPolicy\StandardProfile\Author izedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOMEDIVYA
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\HOMEDIVYA
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\Sys tem32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Diskeeper Corporation\Diskeeper\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WS F;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=6b02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=HOMEDIVYA
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

user (admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Photoshop CS --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\070 1\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
AMD Processor Driver --> C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder --> MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BOClean --> C:\WINDOWS\UNBOC.EXE
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
D-Link Wireless N USB Adapter DWA-130 --> C:\Program Files\InstallShield Installation Information\{12556CE0-804A-40B7-8054-BD666764ED36}\setup.exe -runfromtemp -l0x0009 -removeonly
Diskeeper 2007 Pro Premier --> MsiExec.exe /X{B1D8CAE1-62E8-4259-8B57-1755629F71EC}
DVDFab Platinum 4.1.2.0 --> "C:\Program Files\DVDFab Platinum 4\unins000.exe"
Easy CD-DA Extractor 10 --> "C:\WINDOWS\Easy CD-DA Extractor\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 10\irunin.xml"
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\s puninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spunins t.exe"
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover --> "C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst .exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spu ninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spunin st.exe"
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver --> C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\Setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SyncToy --> MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spunin st.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spunins t.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type483 / Warning
Event Submitted/Written: 04/03/2008 10:05:21 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type476 / Warning
Event Submitted/Written: 04/02/2008 06:43:08 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type472 / Warning
Event Submitted/Written: 04/01/2008 10:25:32 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type470 / Warning
Event Submitted/Written: 04/01/2008 10:20:51 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Event Record #/Type469 / Warning
Event Submitted/Written: 04/01/2008 10:20:51 PM
Event ID/Source: 5603 / WinMgmt
Event Description:
A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type1334 / Warning
Event Submitted/Written: 04/04/2008 10:42:08 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEDIVYA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEDIVYA27 can't undo changes that you allow.

For more information please see the following:
%HOMEDIVYA275

Scan ID: {E2F71D78-CA8B-40AD-B309-0DFA1B6CD80B}

User: HOMEDIVYA\user

Name: %HOMEDIVYA271

ID: %HOMEDIVYA272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HOMEDIVYA276

Alert Type: %HOMEDIVYA278

Detection Type: 1.1.1593.02

Event Record #/Type1333 / Warning
Event Submitted/Written: 04/04/2008 10:42:08 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEDIVYA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEDIVYA27 can't undo changes that you allow.

For more information please see the following:
%HOMEDIVYA275

Scan ID: {67A93B96-C2F1-47EF-B771-6A9834ACBFAE}

User: HOMEDIVYA\user

Name: %HOMEDIVYA271

ID: %HOMEDIVYA272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HOMEDIVYA276

Alert Type: %HOMEDIVYA278

Detection Type: 1.1.1593.02

Event Record #/Type1332 / Warning
Event Submitted/Written: 04/04/2008 10:42:08 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEDIVYA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEDIVYA27 can't undo changes that you allow.

For more information please see the following:
%HOMEDIVYA275

Scan ID: {39F8F2C4-AD4A-4F62-87BE-2FBC11D4B02C}

User: HOMEDIVYA\user

Name: %HOMEDIVYA271

ID: %HOMEDIVYA272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HOMEDIVYA276

Alert Type: %HOMEDIVYA278

Detection Type: 1.1.1593.02

Event Record #/Type1331 / Warning
Event Submitted/Written: 04/04/2008 10:42:05 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEDIVYA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEDIVYA27 can't undo changes that you allow.

For more information please see the following:
%HOMEDIVYA275

Scan ID: {A45EB53F-8D18-4040-92A8-207E84D2AEC9}

User: HOMEDIVYA\user

Name: %HOMEDIVYA271

ID: %HOMEDIVYA272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %HOMEDIVYA276

Alert Type: %HOMEDIVYA278

Detection Type: 1.1.1593.02

Event Record #/Type1330 / Warning
Event Submitted/Written: 04/04/2008 10:42:05 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%HOMEDIVYA27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %HOMEDIVYA27 can't undo changes that you allow.

For more information please see the following:
%HOMEDIVYA275

Scan ID: {17C6DB69-9D4B-4BAC-83A3-58EC9B4B7669}

User: HOMEDIVYA\user

Name: %HOMEDIVYA271

ID: