
Remnants of a nasty infection

Discussion in 'Malware and Virus Removal Archive' started by krypticChewie, 2007/12/22.

  1. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    As per the request of noahdfear in my topic:
    http://www.windowsbbs.com/showthread.php?t=69658&page=6
    I am posting the main.log from Deckard's System Scanner

    Deckard's System Scanner v20071014.68
    Run by KrypticChewie on 2007-12-22 08:15:41
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    29: 2007-12-22 12:15:47 UTC - RP503 - Deckard's System Scanner Restore Point
    28: 2007-12-21 18:18:38 UTC - RP502 - System Checkpoint
    27: 2007-12-20 18:12:21 UTC - RP501 - Installed Windows XP KB894472.
    26: 2007-12-20 03:43:36 UTC - RP500 - System Checkpoint
    25: 2007-12-19 02:43:36 UTC - RP499 - System Checkpoint


    -- First Restore Point --
    1: 2007-12-01 13:27:30 UTC - RP475 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    System Drive C: has 3.33 GiB (less than 15%) free.


    -- HijackThis (run as KrypticChewie.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:19:20 AM, on 22/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HddLed\hddledd.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Energizer FileSaver\ppped.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\Program Files\Energizer FileSaver\pppeuser.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\ASUS\Ai Booster\OverClk.exe
    C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Documents and Settings\KrypticChewie\Desktop\dss.exe
    C:\DOCUME~1\KRYPTI~1\Desktop\KrypticChewie.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D8FA5C5-2C45-435C-9641-3A65CB14A6DC} - C:\WINDOWS\system32\geebb.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: {d6422bec-ebb8-be2a-1a84-a67c95ca623d} - {d326ac59-c76a-48a1-a2eb-8bbeceb2246d} - C:\WINDOWS\system32\sttbnana.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe "
    O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\Energizer FileSaver\pppeuser.exe "
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - Startup: Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Ai Booster v2.00.68.lnk = C:\Program Files\ASUS\Ai Booster\OverClk.exe
    O4 - Startup: NVIDIA Monitor.lnk = C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe
    O4 - Startup: taskmgr.lnk = C:\WINDOWS\system32\taskmgr.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: SATARAID5.lnk = C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://thegreatkris.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160698476195
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - Winlogon Notify: qomllig - qomllig.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: hddledd - Unknown owner - C:\Program Files\HddLed\hddledd.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: FileSaver Service (ppped) - Unknown owner - C:\Program Files\Energizer FileSaver\ppped.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8533 bytes

    -- File Associations -----------------------------------------------------------

    .reg - regfile - shell\open\command - "regedit.exe" "%1 "
    .scr - scrfile - shell\open\command - "%1" /S "%3 "


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 Si3114r5 (SiI-3114 SoftRaid 5 Controller) - c:\windows\system32\drivers\si3114r5.sys <Not Verified; Silicon Image, Inc; SoftRAID 5>
    R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>
    R1 AsIO - c:\windows\system32\drivers\asio.sys
    R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
    R2 DgiVecp (Team MFP Comm Driver) - c:\windows\system32\drivers\dgivecp.sys <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
    R3 DELTA (Service for Delta Driver (WDM)) - c:\windows\system32\drivers\delta.sys <Not Verified; Midiman/M-Audio; M-Audio Delta WDM Driver>
    R3 NVR0Dev - c:\windows\nvoclock.sys <Not Verified; NVidia Corp.; NVidia System Utility Driver>
    R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S0 kl1 - c:\windows\system32\drivers\kl1.sys (file missing)
    S1 StarPort (StarPort Storage Controller) - c:\windows\system32\drivers\starport.sys (file missing)
    S3 WBHWDOCT - c:\program files\winbond electronics corp\voice editor\wbhwdoct.sys <Not Verified; Winbond Electronics Corp.; Winbond Hardware Doctor>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 hddledd - c:\program files\hddled\hddledd.exe
    R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
    R2 ppped (FileSaver Service) - "c:\program files\energizer filesaver\ppped.exe "

    S4 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Files created between 2007-11-22 and 2007-12-22 -----------------------------

    2007-12-20 11:54:35 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Uniblue
    2007-12-17 10:22:26 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Thinstall
    2007-12-17 08:58:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-17 07:21:13 0 d-------- C:\VundoFix Backups
    2007-12-16 21:25:40 74703 --a------ C:\WINDOWS\system32\mfc45.dll
    2007-12-16 21:25:29 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\iolo
    2007-12-16 21:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2007-12-16 19:55:29 0 d-------- C:\WINDOWS\CSC
    2007-12-16 09:35:06 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Waves Audio
    2007-12-15 14:07:52 0 d-------- C:\Program Files\Microsoft Works
    2007-12-15 14:06:11 0 d-------- C:\Program Files\Microsoft.NET
    2007-12-15 13:57:07 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-12-15 13:55:58 0 d-------- C:\WINDOWS\SHELLNEW
    2007-12-15 13:55:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-15 13:54:35 0 dr-h----- C:\MSOCache
    2007-12-14 20:34:33 0 d-------- C:\Program Files\HddLed
    2007-12-13 09:46:16 0 d-------- C:\Program Files\Greatis
    2007-12-10 09:36:57 3532 --a------ C:\drmHeader.bin
    2007-12-06 11:36:51 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2007-12-06 11:31:43 0 d-------- C:\Program Files\Image-Line
    2007-12-04 20:52:01 0 d-------- C:\Program Files\Antares Audio Technologies
    2007-12-03 21:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-03 21:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-03 21:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-03 21:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-02 19:58:06 0 d-------- C:\Program Files\Microsoft Bootvis
    2007-12-02 19:31:39 0 d-------- C:\Program Files\r2 Studios
    2007-11-29 18:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 18:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-11-29 18:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-11-28 17:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


    -- Find3M Report ---------------------------------------------------------------

    2007-12-22 08:19:28 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\uTorrent
    2007-12-22 00:00:00 0 d-------- C:\Program Files\Energizer FileSaver
    2007-12-21 23:31:56 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-16 09:34:52 0 d-------- C:\Program Files\Waves
    2007-12-16 09:34:00 0 d-------- C:\Program Files\Vstplugins
    2007-12-15 14:07:39 0 d-------- C:\Program Files\MSBuild
    2007-12-15 14:07:06 0 d-------- C:\Program Files\Common Files
    2007-12-12 08:19:07 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\DivXMuxGui
    2007-12-11 23:46:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2007-12-08 09:55:12 0 d-------- C:\Program Files\DivX
    2007-12-02 19:24:57 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\nView_Wallpaper
    2007-12-01 18:24:06 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Adobe
    2007-12-01 18:10:35 0 d-------- C:\Program Files\Common Files\Adobe
    2007-11-29 23:19:29 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Free Download Manager
    2007-11-17 17:48:03 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\MailFrontier
    2007-11-17 08:22:04 0 d-------- C:\Program Files\Aquila Technology
    2007-11-17 07:43:44 0 d-------- C:\Program Files\SonicWallES
    2007-11-16 23:49:04 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\IsolatedStorage
    2007-11-14 22:14:10 102978 ---hs---- C:\WINDOWS\system32\bbeeg.bak1
    2007-11-13 22:13:44 130333 ---hs---- C:\WINDOWS\system32\bbeeg.bak2
    2007-11-12 20:09:55 81472 --a------ C:\WINDOWS\system32\jgcdyuau.dll
    2007-11-12 06:51:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-11-12 06:51:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-11-12 06:51:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-11-12 06:51:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-11-12 06:51:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-11-12 06:51:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-11-12 06:51:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-11-12 06:51:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-11-12 06:51:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-11-05 18:11:54 83008 --a------ C:\WINDOWS\system32\qidsgemk.dll
    2007-11-02 21:25:43 0 d-------- C:\Program Files\Java
    2007-10-30 19:38:57 0 d-------- C:\Program Files\Outerinfo
    2007-10-26 22:31:45 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Nero
    2007-10-26 22:30:24 0 d-------- C:\Program Files\Common Files\Nero
    2007-10-26 22:27:09 0 d-------- C:\Program Files\Nero
    2007-10-26 22:09:28 0 d-------- C:\Program Files\Common Files\Ahead
    2007-10-13 22:38:08 512 --a------ C:\ScanSectorLog.dat
    2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
    2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-09-22 17:23:29 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D8FA5C5-2C45-435C-9641-3A65CB14A6DC}]
    C:\WINDOWS\system32\geebb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d326ac59-c76a-48a1-a2eb-8bbeceb2246d}]
    C:\WINDOWS\system32\sttbnana.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [12/11/2007 06:51 AM]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00 AM]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 04:05 PM]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ResChanger 2005 "= "C:\Program Files\ResChanger 2005\ResChanger2005.exe" [26/05/2005 07:30 PM]
    "PowerPanel Personal Edition User Interaction "= "C:\Program Files\Energizer FileSaver\pppeuser.exe" [19/07/2005 02:25 PM]
    "NVIDIA nTune "= "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [03/07/2007 12:32 PM]
    "hddled.exe "=" " []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 12:56 AM]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [31/08/2007 04:46 PM]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\
    Active SMART.lnk - C:\Program Files\Active SMART\ActiveSMART.exe [05/12/2006 04:03:44 PM]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [16/03/2005 08:16:50 PM]
    Ai Booster v2.00.68.lnk - C:\Program Files\ASUS\Ai Booster\OverClk.exe [14/10/2006 09:36:16 PM]
    NVIDIA Monitor.lnk - C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe [03/07/2007 12:31:46 PM]
    taskmgr.lnk - C:\WINDOWS\system32\taskmgr.exe [04/08/2004 12:56:58 AM]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06 AM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [04/11/2004 07:28:24 PM]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [04/11/2004 07:50:52 PM]
    SATARAID5.lnk - C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar [12/10/2006 07:48:23 PM]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllig]
    qomllig.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages "= msv1_0 C:\WINDOWS\system32\geebb.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495ceb8b-3af3-11dc-8be8-0017318c1619}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    Open(0)\command- Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d0e61fd-f60e-11db-8b85-0017318c1619}]
    AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    Open(0)\command- I:\Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f0f44f-5a1c-11db-9ae2-806d6172696f}]
    AutoRun\command- F:\ASUSACPI.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 mpa.one.microsoft.com


    -- End of Deckard's System Scanner: finished at 2007-12-22 08:20:14 ------------
     
  2. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    I was asked to run VundoFix in the last thread but I didn't find the log. I just did today and here it is.


    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.4.2.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 07:21:13 AM 17/12/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\qomllig.dll
    C:\WINDOWS\system32\sttbnana.dll
    C:\WINDOWS\system32\ufkbbyln.dll
    C:\WINDOWS\system32\usvcdudp.dll
    C:\windows\system32\wybyttgq.dll
    C:\WINDOWS\system32\xcytwotg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\sttbnana.dll
    C:\WINDOWS\system32\sttbnana.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ufkbbyln.dll
    C:\WINDOWS\system32\ufkbbyln.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\usvcdudp.dll
    C:\WINDOWS\system32\usvcdudp.dll Has been deleted!

    Attempting to delete C:\windows\system32\wybyttgq.dll
    C:\windows\system32\wybyttgq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xcytwotg.dll
    C:\WINDOWS\system32\xcytwotg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!
     


  4. 2007/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Download ComboFix by sUBs from here, saving the file to your desktop.

    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • It may reboot your computer and resume running when you log on. Wait for it to complete. When finished, it will open a log for you. Post that log and a new HijackThis log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    I see no active antivirus program. Do you not have one installed, or has it been disabled?
     
  5. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    I'm using Zone Alarm Security Suite. That has anti-spyware and anti-virus in it.
     
  6. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    Is it normal for the desktop icons and taskbar to disappear during ComboFix execution? Because they did, came back for a bit, and left again.
     
  7. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    Ok. Just rebooted. Still getting delay problem. ComboFix window actually was up before anything else and just sat there.

    ComboFix 07-12-21.4 - KrypticChewie 2007-12-22 10:45:52.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1180 [GMT -4:00]
    Running from: C:\Documents and Settings\KrypticChewie\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\outerinfo
    C:\Program Files\outerinfo\outerinfo.ico
    C:\WINDOWS\ecurit~1
    C:\WINDOWS\ecurit~1\?ecurity\
    C:\WINDOWS\system32\bbeeg.bak1
    C:\WINDOWS\system32\bbeeg.bak2
    C:\WINDOWS\system32\bbeeg.ini
    C:\WINDOWS\system32\jgcdyuau.dll
    C:\WINDOWS\system32\qidsgemk.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\nm


    ((((((((((((((((((((((((( Files Created from 2007-11-22 to 2007-12-22 )))))))))))))))))))))))))))))))
    .

    2007-12-22 10:22 . 2007-12-22 10:22 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\ActiveSMART
    2007-12-22 08:15 . 2007-12-22 08:15 <DIR> d-------- C:\Deckard
    2007-12-20 20:32 . 2005-04-12 20:17 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dllx
    2007-12-20 20:32 . 2007-12-20 20:34 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dllksd
    2007-12-20 20:32 . 2007-12-20 20:34 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
    2007-12-20 20:32 . 2007-12-20 20:34 2,897,920 --a--c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
    2007-12-20 11:54 . 2007-12-20 11:54 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\Uniblue
    2007-12-17 10:22 . 2007-12-17 10:22 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\Thinstall
    2007-12-17 08:58 . 2007-12-17 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-17 07:21 . 2007-12-17 07:47 <DIR> d-------- C:\VundoFix Backups
    2007-12-16 21:25 . 2007-12-17 13:06 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\iolo
    2007-12-16 21:25 . 2007-12-16 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2007-12-16 21:25 . 2007-12-16 21:25 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2007-12-16 20:39 . 2007-12-16 20:43 6,904,446 --a------ C:\WINDOWS\AsusUpdt_V71302.zip
    2007-12-16 09:35 . 2007-12-16 09:35 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\Waves Audio
    2007-12-15 14:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-15 14:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-15 14:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-15 14:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-12-15 14:07 . 2007-12-15 14:07 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-12-15 14:06 . 2007-12-15 14:06 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-12-15 13:57 . 2007-12-15 13:57 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-12-15 13:55 . 2007-12-15 14:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-12-15 13:55 . 2007-12-16 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-15 13:54 . 2007-12-15 13:54 <DIR> dr-h----- C:\MSOCache
    2007-12-14 20:34 . 2007-12-14 20:34 <DIR> d-------- C:\Program Files\HddLed
    2007-12-13 09:48 . 2007-12-13 09:53 3,604,480 --a------ C:\LogFile.Etl
    2007-12-13 09:46 . 2007-12-13 09:46 <DIR> d-------- C:\Program Files\Greatis
    2007-12-12 07:50 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-12-12 07:50 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-12-10 09:36 . 2007-12-10 09:36 3,532 --a------ C:\drmHeader.bin
    2007-12-06 11:36 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2007-12-06 11:36 . 2006-06-20 04:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2007-12-06 11:31 . 2007-12-06 15:56 <DIR> d-------- C:\Program Files\Image-Line
    2007-12-04 20:52 . 2007-12-04 20:52 <DIR> d-------- C:\Program Files\Antares Audio Technologies
    2007-12-03 21:33 . 2007-12-03 21:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-03 21:33 . 2007-12-03 21:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-12-03 21:33 . 2007-12-03 21:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-12-03 21:33 . 2007-12-03 21:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2007-12-03 21:33 . 2007-12-03 21:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2007-12-02 19:58 . 2007-12-02 20:44 <DIR> d-------- C:\Program Files\Microsoft Bootvis
    2007-12-02 19:31 . 2007-12-02 19:50 <DIR> d-------- C:\Program Files\r2 Studios
    2007-11-29 18:30 . 2007-11-29 18:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 18:30 . 2007-11-29 18:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-11-29 18:30 . 2007-11-29 18:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-11-29 18:30 . 2007-11-29 18:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 18:30 . 2007-11-29 18:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2007-11-29 18:28 . 2007-11-29 18:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-11-29 18:28 . 2007-11-29 18:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-11-29 18:28 . 2007-11-29 18:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2007-11-29 18:28 . 2007-11-29 18:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2007-11-28 17:55 . 2007-11-28 17:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-11-28 17:53 . 2007-11-28 17:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2007-11-28 17:53 . 2007-11-28 17:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-11-28 17:53 . 2007-11-28 17:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-11-28 17:52 . 2007-11-28 17:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-22 14:52 10,477,856 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-22 14:50 157,040 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-22 14:42 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\uTorrent
    2007-12-22 14:22 --------- d-----w C:\Program Files\Active SMART
    2007-12-22 13:04 --------- d-----w C:\Program Files\Java
    2007-12-22 04:00 --------- d-----w C:\Program Files\Energizer FileSaver
    2007-12-16 13:34 --------- d-----w C:\Program Files\Waves
    2007-12-16 13:34 --------- d-----w C:\Program Files\Vstplugins
    2007-12-15 18:07 --------- d-----w C:\Program Files\MSBuild
    2007-12-12 12:19 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\DivXMuxGui
    2007-12-08 13:55 --------- d-----w C:\Program Files\DivX
    2007-12-02 23:24 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\nView_Wallpaper
    2007-12-01 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-30 03:19 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\Free Download Manager
    2007-11-23 20:13 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-11-17 21:48 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\MailFrontier
    2007-11-17 12:22 --------- d-----w C:\Program Files\Aquila Technology
    2007-11-17 11:43 --------- d-----w C:\Program Files\SonicWallES
    2007-11-17 03:49 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\IsolatedStorage
    2007-11-14 20:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 10:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-11-02 23:00 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-10-27 02:31 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\Nero
    2007-10-27 02:30 --------- d-----w C:\Program Files\Common Files\Nero
    2007-10-27 02:27 --------- d-----w C:\Program Files\Nero
    2007-10-27 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-10-27 02:09 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-10-14 02:38 512 ----a-w C:\ScanSectorLog.dat
    2007-09-22 21:23 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2007-01-15 21:47 284 ----a-w C:\Documents and Settings\KrypticChewie\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D8FA5C5-2C45-435C-9641-3A65CB14A6DC}]
    C:\WINDOWS\system32\geebb.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d326ac59-c76a-48a1-a2eb-8bbeceb2246d}]
    C:\WINDOWS\system32\sttbnana.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ResChanger 2005 "= "C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 19:30]
    "PowerPanel Personal Edition User Interaction "= "C:\Program Files\Energizer FileSaver\pppeuser.exe" [2005-07-19 14:25]
    "NVIDIA nTune "= "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
    "hddled.exe "=" " []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\
    Active SMART.lnk - C:\Program Files\Active SMART\ActiveSMART.exe [2006-12-05 16:03:44]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
    Ai Booster v2.00.68.lnk - C:\Program Files\ASUS\Ai Booster\OverClk.exe [2006-10-14 21:36:16]
    NVIDIA Monitor.lnk - C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe [2007-07-03 12:31:46]
    taskmgr.lnk - C:\WINDOWS\system32\taskmgr.exe [2004-08-04 00:56:58]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
    SATARAID5.lnk - C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar [2006-10-12 19:48:23]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllig]
    qomllig.dll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495ceb8b-3af3-11dc-8be8-0017318c1619}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    \Shell\Open(0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f0f44f-5a1c-11db-9ae2-806d6172696f}]
    \Shell\AutoRun\command - F:\ASUSACPI.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-22 10:53:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-22 10:55:26 - machine was rebooted
    .
    2007-12-17 00:35:19 --- E O F ---
     
  8. 2007/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    I'll be back in a bit. Have something important to take care of. ;)
     
  9. 2007/12/22
    noahdfear

    First, please reset the date on your computer to 10-22-07 (2 months ago), then proceed.

    Highlight and copy the bolded command below.

    "%userprofile%\Desktop\dss.exe" /config

    Click Start>Run and paste the command on the run line then hit enter. When the dss interface opens, click Uncheck All, then place a check next to Files created/modified and click Scan. Post the contents of the log that opens when it completes. Reset your date to current.

    Can I assume you did some renaming/copying of the xpsp2res.dll file?

    BTW, the events during the ComboFix scan were normal. ;)
     
  10. 2007/12/22
    krypticChewie

    Oh yes! Sorry. I should have mentioned that. But that was last night btw.

    I put a version 1028 but the one I had before was higher I think.
     
  11. 2007/12/22
    krypticChewie

    Here is the log:

    Deckard's System Scanner v20071014.68
    Run by KrypticChewie on 2007-10-22 13:03:22
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    System Drive C: has 3.93 GiB (less than 15%) free.


    -- Files created between 2007-09-22 and 2007-10-22 -----------------------------

    2007-12-22 12:55:22 0 d-------- C:\WINDOWS\LastGood
    2007-12-22 12:48:31 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\InstallShield
    2007-12-22 10:22:14 0 d--h----- C:\Documents and Settings\All Users\Application Data\ActiveSMART
    2007-12-20 11:54:35 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Uniblue
    2007-12-17 10:22:26 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Thinstall
    2007-12-17 08:58:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-17 07:21:13 0 d-------- C:\VundoFix Backups
    2007-12-16 21:25:40 74703 --a------ C:\WINDOWS\system32\mfc45.dll
    2007-12-16 21:25:29 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\iolo
    2007-12-16 21:25:29 0 d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2007-12-16 19:55:29 0 d-------- C:\WINDOWS\CSC
    2007-12-16 09:35:06 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Waves Audio
    2007-12-15 14:07:52 0 d-------- C:\Program Files\Microsoft Works
    2007-12-15 14:06:11 0 d-------- C:\Program Files\Microsoft.NET
    2007-12-15 13:57:07 0 d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-12-15 13:55:58 0 d-------- C:\WINDOWS\SHELLNEW
    2007-12-15 13:55:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-15 13:54:35 0 dr-h----- C:\MSOCache
    2007-12-14 20:34:33 0 d-------- C:\Program Files\HddLed
    2007-12-13 09:46:16 0 d-------- C:\Program Files\Greatis
    2007-12-10 09:36:57 3532 --a------ C:\drmHeader.bin
    2007-12-06 11:36:51 225280 --a------ C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2007-12-06 11:31:43 0 d-------- C:\Program Files\Image-Line
    2007-12-04 20:52:01 0 d-------- C:\Program Files\Antares Audio Technologies
    2007-12-03 21:33:18 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2007-12-03 21:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-03 21:33:18 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-03 21:33:16 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
    2007-12-02 19:58:06 0 d-------- C:\Program Files\Microsoft Bootvis
    2007-12-02 19:31:39 0 d-------- C:\Program Files\r2 Studios
    2007-11-29 18:30:28 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 18:28:24 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2007-11-29 18:28:24 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2007-11-28 17:52:32 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2007-11-17 08:22:04 0 d-------- C:\Program Files\Aquila Technology
    2007-11-17 07:43:44 0 d-------- C:\Program Files\SonicWallES
    2007-11-16 23:49:04 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\IsolatedStorage
    2007-11-08 20:57:45 41984 -----n--- C:\WINDOWS\system32\drivers\DGIVECP.SYS <Not Verified; DeviceGuys, Inc.; DeviceGuys, Inc. Team MFP for Windows NT, 9x, and 3.1>
    2007-10-30 16:20:00 0 d-------- C:\WINDOWS\pss
    2007-10-30 16:13:53 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\MailFrontier
    2007-10-26 22:27:09 0 d-------- C:\Program Files\Common Files\Nero
    2007-10-26 22:27:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2007-10-21 12:18:17 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-10-11 09:55:10 88576 --a------ C:\WINDOWS\system32\infocardapi.dll <Not Verified; Microsoft Corporation; Microsoft® .NET Framework>
    2007-10-09 12:58:20 16896 --a------ C:\WINDOWS\system32\tswpfwrp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
    2007-09-29 22:54:16 0 d-------- C:\Program Files\Common Files\Logitech
    2007-09-29 22:53:45 0 d-------- C:\Program Files\Logitech
    2007-09-22 18:51:30 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Pegasys Inc


    -- Find3M Report ---------------------------------------------------------------

    2007-12-22 12:54:27 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-22 12:54:10 0 d-------- C:\Program Files\Energizer FileSaver
    2007-12-22 12:49:04 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-12-22 12:48:34 0 d-------- C:\Program Files\M-Audio
    2007-12-22 12:23:34 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\uTorrent
    2007-12-22 10:22:15 0 d-------- C:\Program Files\Active SMART
    2007-12-22 09:04:52 0 d-------- C:\Program Files\Java
    2007-12-16 09:34:52 0 d-------- C:\Program Files\Waves
    2007-12-16 09:34:00 0 d-------- C:\Program Files\Vstplugins
    2007-12-15 14:07:39 0 d-------- C:\Program Files\MSBuild
    2007-12-15 14:07:06 0 d-------- C:\Program Files\Common Files
    2007-12-12 08:19:07 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\DivXMuxGui
    2007-12-11 23:46:44 8 --a------ C:\WINDOWS\system32\nvModes.dat
    2007-12-08 09:55:12 0 d-------- C:\Program Files\DivX
    2007-12-02 19:24:57 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\nView_Wallpaper
    2007-12-01 18:24:06 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Adobe
    2007-12-01 18:10:35 0 d-------- C:\Program Files\Common Files\Adobe
    2007-11-29 23:19:29 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Free Download Manager
    2007-11-12 06:51:00 1626112 --a------ C:\WINDOWS\system32\nwiz.exe
    2007-11-12 06:51:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
    2007-11-12 06:51:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
    2007-11-12 06:51:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
    2007-11-12 06:51:00 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
    2007-11-12 06:51:00 1474560 --a------ C:\WINDOWS\system32\nview.dll
    2007-11-12 06:51:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
    2007-11-12 06:51:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
    2007-11-12 06:51:00 425984 --a------ C:\WINDOWS\system32\keystone.exe
    2007-10-26 22:31:45 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Nero
    2007-10-26 22:27:09 0 d-------- C:\Program Files\Nero
    2007-10-26 22:09:28 0 d-------- C:\Program Files\Common Files\Ahead
    2007-10-13 22:38:08 512 --a------ C:\ScanSectorLog.dat
    2007-09-22 17:23:29 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
    2007-09-16 20:41:46 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Dr. DivX 2.0 OSS
    2007-09-16 10:48:42 0 d-------- C:\Program Files\uTorrent
    2007-09-16 03:39:30 0 d-------- C:\Program Files\MSN Messenger
    2007-09-07 15:07:45 0 d-------- C:\Program Files\Startup Control Center
    2007-09-01 19:25:13 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Sony
    2007-09-01 18:38:07 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\Publish Providers
    2007-09-01 18:20:36 0 d-------- C:\Program Files\Sony
    2007-09-01 18:20:17 0 d-------- C:\Program Files\Sony Setup
    2007-09-01 18:18:04 0 d-------- C:\Program Files\Microsoft SQL Server
    2007-09-01 10:42:49 0 d-------- C:\Program Files\Goland
    2007-08-26 15:35:49 0 d--h----- C:\Program Files\WindowsUpdate
    2007-08-26 15:35:49 0 d-------- C:\Documents and Settings\KrypticChewie\Application Data\PACE Anti-Piracy
    2007-08-26 15:35:47 0 d-------- C:\Program Files\Common Files\PACE Anti-Piracy
    2007-08-23 16:56:57 0 d-------- C:\Program Files\iZotope
    2007-08-23 16:51:38 0 d-------- C:\Program Files\Steinberg
    2007-08-23 16:51:38 0 d-------- C:\Program Files\Common Files\iZotope
    2007-08-23 16:51:38 0 d-------- C:\Program Files\Common Files\Digidesign


    -- End of Deckard's System Scanner: finished at 2007-10-22 13:03:39 ------------
     
  12. 2007/12/22
    noahdfear

    dss log looks good.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D8FA5C5-2C45-435C-9641-3A65CB14A6DC}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d326ac59-c76a-48a1-a2eb-8bbeceb2246d}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllig]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495ceb8b-3af3-11dc-8be8-0017318c1619}]
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. Combofix should run. A log will open when it's complete. Post the contents of that log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Restart the computer please, then please download System Repair Engineer by Smallfrogs and save it to your desktop.
    1. Extract it to its own folder & double click SREng.exe to run it
    2. Select 'Smart Scan' & tick "Verify Digital Signatures"
    3. Click on the [Scan] button
    4. When finished, click on the [Save Reports] button & save the log to Desktop
    5. Post the contents of that log here (it may be large and require splitting into two posts)

    Any possibility of freeing up some space on your hard drive?
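
Added example, not part of the original posts and not ComboFix's own code: it parses the "Reg Loading Points" entries from the ComboFix log posted earlier in this thread, confirms that every key the CFScript above deletes actually appears in that log, and lists flagged autostart keys the script leaves alone. The function names and the `needs_review` triage rules are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied from the "Reg Loading Points" section of the
# ComboFix log posted in this thread (the Run list is shortened to one value).
LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D8FA5C5-2C45-435C-9641-3A65CB14A6DC}]
C:\WINDOWS\system32\geebb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d326ac59-c76a-48a1-a2eb-8bbeceb2246d}]
C:\WINDOWS\system32\sttbnana.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllig]
qomllig.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495ceb8b-3af3-11dc-8be8-0017318c1619}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f0f44f-5a1c-11db-9ae2-806d6172696f}]
\Shell\AutoRun\command - F:\ASUSACPI.exe
"""

# The CFScript from the post above, verbatim.
CFSCRIPT = r"""Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4D8FA5C5-2C45-435C-9641-3A65CB14A6DC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d326ac59-c76a-48a1-a2eb-8bbeceb2246d}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomllig]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{495ceb8b-3af3-11dc-8be8-0017318c1619}]
"""

# "[KEY]" is a log header; "[-KEY]" is a delete request in a CFScript.
HEADER = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]\s*$")

CATEGORIES = (
    ("\\browser helper objects\\", "bho"),
    ("\\winlogon\\notify\\", "winlogon_notify"),
    ("\\explorer\\mountpoints2\\", "mountpoints2"),
    ("\\currentversion\\run", "run"),
)


def parse_loading_points(log):
    """Map each registry key header to the data lines listed beneath it."""
    entries, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.group(2)
            entries[current] = []
        elif line and current is not None:
            entries[current].append(line)
    return entries


def parse_cfscript(script):
    """Return the keys that the script's Registry:: section asks to delete."""
    keys, in_registry = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):  # a line ending in "::" opens a section
            in_registry = line.lower() == "registry::"
            continue
        m = HEADER.match(line)
        if in_registry and m and m.group(1) == "-":
            keys.append(m.group(2))
    return keys


def category(key):
    """Name the kind of loading point a key belongs to."""
    k = key.lower()
    return next((name for frag, name in CATEGORIES if frag in k), "other")


def needs_review(key, data):
    """Triage rules assumed for this example (not ComboFix's own logic)."""
    cat, joined = category(key), " ".join(data).lower()
    if cat == "winlogon_notify":
        return True  # the log omits default entries, so a listed Notify DLL is non-default
    if cat == "bho":
        return "\\system32\\" in joined  # helper-object DLL sitting directly in system32
    if cat == "mountpoints2":
        return "\\shell\\autorun\\command" in joined  # cached autorun handler for a volume
    return False


def check_script(log, script):
    """Compare the script's delete targets with the keys present in the log."""
    entries = parse_loading_points(log)
    by_lower = {k.lower(): k for k in entries}  # registry paths are case-insensitive
    targets = parse_cfscript(script)
    matched = [by_lower[t.lower()] for t in targets if t.lower() in by_lower]
    unmatched = [t for t in targets if t.lower() not in by_lower]
    left = [k for k, d in entries.items() if needs_review(k, d) and k not in matched]
    return {"matched": matched, "unmatched": unmatched, "flagged_not_in_script": left}


if __name__ == "__main__":
    for name, keys in check_script(LOG, CFSCRIPT).items():
        print(name, *keys, sep="\n  ")
```

A non-empty `unmatched` list means a key in the script was mistyped or has already been removed; `flagged_not_in_script` is a list for the analyst to judge, not a verdict.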
     
  13. 2007/12/22
    noahdfear

    In a subfolder of C:\Deckard you will find a log named extra.txt .... please post its contents here as well.
     
  14. 2007/12/22
    krypticChewie

    ComboFix log

    ComboFix 07-12-21.4 - KrypticChewie 2007-10-22 15:18:16.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1333 [GMT -4:00]
    Running from: C:\Documents and Settings\KrypticChewie\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\KrypticChewie\Desktop\CFScript.txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
    .

    2007-12-22 12:55 . 2007-12-22 12:55 <DIR> d-------- C:\WINDOWS\LastGood
    2007-12-22 12:49 . 2007-12-03 11:21 2,513,432 --a------ C:\WINDOWS\system32\pcifmdio.dll
    2007-12-22 12:49 . 2007-12-03 11:21 727,560 --a------ C:\WINDOWS\system32\DeltaIICpl.exe
    2007-12-22 12:49 . 2007-12-03 11:21 297,992 --a------ C:\WINDOWS\system32\drivers\deltaII.sys
    2007-12-22 12:49 . 2007-12-03 11:21 236,040 --a------ C:\WINDOWS\system32\DeltaIITray.exe
    2007-12-22 12:49 . 2007-12-03 11:21 26,632 --a------ C:\WINDOWS\system32\DeltaII.cpl
    2007-12-22 12:49 . 2007-12-03 11:21 25,096 --a------ C:\WINDOWS\system32\deltaIIasio.dll
    2007-12-22 12:49 . 2007-12-03 11:21 21,000 --a------ C:\WINDOWS\system32\DeltaIIpnl.dll
    2007-12-22 12:49 . 2007-12-03 11:21 12,296 --a------ C:\WINDOWS\system32\deltaIICoIn.dll
    2007-12-22 12:48 . 2007-12-22 12:48 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\InstallShield
    2007-12-22 10:22 . 2007-12-22 10:22 <DIR> d--h----- C:\Documents and Settings\All Users\Application Data\ActiveSMART
    2007-12-22 08:15 . 2007-12-22 08:15 <DIR> d-------- C:\Deckard
    2007-12-20 20:32 . 2005-04-12 20:17 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dllx
    2007-12-20 20:32 . 2007-12-20 20:34 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dllksd
    2007-12-20 20:32 . 2007-12-20 20:34 2,897,920 --a------ C:\WINDOWS\system32\xpsp2res.dll
    2007-12-20 20:32 . 2007-12-20 20:34 2,897,920 --a--c--- C:\WINDOWS\system32\dllcache\xpsp2res.dll
    2007-12-20 11:54 . 2007-12-20 11:54 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\Uniblue
    2007-12-17 10:22 . 2007-12-17 10:22 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\Thinstall
    2007-12-17 08:58 . 2007-12-17 09:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-17 07:21 . 2007-12-17 07:47 <DIR> d-------- C:\VundoFix Backups
    2007-12-16 21:25 . 2007-12-17 13:06 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\iolo
    2007-12-16 21:25 . 2007-12-16 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
    2007-12-16 21:25 . 2007-12-16 21:25 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
    2007-12-16 20:39 . 2007-12-16 20:43 6,904,446 --a------ C:\WINDOWS\AsusUpdt_V71302.zip
    2007-12-16 09:35 . 2007-12-16 09:35 <DIR> d-------- C:\Documents and Settings\KrypticChewie\Application Data\Waves Audio
    2007-12-15 14:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-15 14:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-15 14:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-15 14:09 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
    2007-12-15 14:07 . 2007-12-15 14:07 <DIR> d-------- C:\Program Files\Microsoft Works
    2007-12-15 14:06 . 2007-12-15 14:06 <DIR> d-------- C:\Program Files\Microsoft.NET
    2007-12-15 13:57 . 2007-12-15 13:57 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
    2007-12-15 13:55 . 2007-12-15 14:07 <DIR> d-------- C:\WINDOWS\SHELLNEW
    2007-12-15 13:55 . 2007-12-16 20:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2007-12-15 13:54 . 2007-12-15 13:54 <DIR> dr-h----- C:\MSOCache
    2007-12-14 20:34 . 2007-12-14 20:34 <DIR> d-------- C:\Program Files\HddLed
    2007-12-13 09:48 . 2007-12-13 09:53 3,604,480 --a------ C:\LogFile.Etl
    2007-12-13 09:46 . 2007-12-13 09:46 <DIR> d-------- C:\Program Files\Greatis
    2007-12-12 07:50 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-12-12 07:50 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-12-10 09:36 . 2007-12-10 09:36 3,532 --a------ C:\drmHeader.bin
    2007-12-06 11:36 . 2002-07-07 18:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2007-12-06 11:36 . 2006-06-20 04:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
    2007-12-06 11:31 . 2007-12-06 15:56 <DIR> d-------- C:\Program Files\Image-Line
    2007-12-04 20:52 . 2007-12-04 20:52 <DIR> d-------- C:\Program Files\Antares Audio Technologies
    2007-12-03 21:33 . 2007-12-03 21:33 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2007-12-03 21:33 . 2007-12-03 21:33 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2007-12-03 21:33 . 2007-12-03 21:33 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2007-12-03 21:33 . 2007-12-03 21:33 682,496 --a------ C:\WINDOWS\system32\DivX.dll
    2007-12-03 21:33 . 2007-12-03 21:33 630,784 --a------ C:\WINDOWS\system32\divxdec.ax
    2007-12-02 19:58 . 2007-12-02 20:44 <DIR> d-------- C:\Program Files\Microsoft Bootvis
    2007-12-02 19:31 . 2007-12-02 19:50 <DIR> d-------- C:\Program Files\r2 Studios
    2007-11-29 18:30 . 2007-11-29 18:30 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2007-11-29 18:30 . 2007-11-29 18:30 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
    2007-11-29 18:30 . 2007-11-29 18:30 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
    2007-11-29 18:30 . 2007-11-29 18:30 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
    2007-11-29 18:30 . 2007-11-29 18:30 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
    2007-11-29 18:28 . 2007-11-29 18:28 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
    2007-11-29 18:28 . 2007-11-29 18:28 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2007-11-29 18:28 . 2007-11-29 18:28 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest
    2007-11-29 18:28 . 2007-11-29 18:28 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest
    2007-11-28 17:55 . 2007-11-28 17:55 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2007-11-28 17:53 . 2007-11-28 17:53 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 352,401 --a------ C:\WINDOWS\system32\DivXMedia.ax
    2007-11-28 17:53 . 2007-11-28 17:53 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
    2007-11-28 17:53 . 2007-11-28 17:53 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
    2007-11-28 17:53 . 2007-11-28 17:53 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
    2007-11-28 17:52 . 2007-11-28 17:52 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-22 16:54 --------- d-----w C:\Program Files\Energizer FileSaver
    2007-12-22 16:49 157,832 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-22 16:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-22 16:48 --------- d-----w C:\Program Files\M-Audio
    2007-12-22 16:26 10,840,650 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
    2007-12-22 14:22 --------- d-----w C:\Program Files\Active SMART
    2007-12-22 13:04 --------- d-----w C:\Program Files\Java
    2007-12-21 19:20 10,571,040 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-16 13:34 --------- d-----w C:\Program Files\Waves
    2007-12-16 13:34 --------- d-----w C:\Program Files\Vstplugins
    2007-12-15 18:07 --------- d-----w C:\Program Files\MSBuild
    2007-12-12 12:19 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\DivXMuxGui
    2007-12-08 13:55 --------- d-----w C:\Program Files\DivX
    2007-12-02 23:24 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\nView_Wallpaper
    2007-12-01 22:10 --------- d-----w C:\Program Files\Common Files\Adobe
    2007-11-30 03:19 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\Free Download Manager
    2007-11-23 20:13 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
    2007-11-17 21:48 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\MailFrontier
    2007-11-17 12:22 --------- d-----w C:\Program Files\Aquila Technology
    2007-11-17 11:43 --------- d-----w C:\Program Files\SonicWallES
    2007-11-17 03:49 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\IsolatedStorage
    2007-11-14 20:05 75,248 ----a-w C:\WINDOWS\zllsputility.exe
    2007-11-14 20:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-12 12:03 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
    2007-11-12 10:51 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
    2007-11-12 10:51 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
    2007-11-12 10:51 8,523,776 ----a-w C:\WINDOWS\system32\nvcpl.dll
    2007-11-12 10:51 757,760 ----a-w C:\WINDOWS\system32\nvcplui.exe
    2007-11-12 10:51 7,433,504 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
    2007-11-12 10:51 6,901,760 ----a-w C:\WINDOWS\system32\nvoglnt.dll
    2007-11-12 10:51 6,537,216 ----a-w C:\WINDOWS\system32\nvdisps.dll
    2007-11-12 10:51 5,770,880 ----a-w C:\WINDOWS\system32\nv4_disp.dll
    2007-11-12 10:51 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
    2007-11-12 10:51 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
    2007-11-12 10:51 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
    2007-11-12 10:51 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
    2007-11-12 10:51 385,024 ----a-w C:\WINDOWS\system32\nvapi.dll
    2007-11-12 10:51 356,352 ----a-w C:\WINDOWS\system32\nvudisp.exe
    2007-11-12 10:51 35,328 ----a-w C:\WINDOWS\system32\nvcodins.dll
    2007-11-12 10:51 35,328 ----a-w C:\WINDOWS\system32\nvcod.dll
    2007-11-12 10:51 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
    2007-11-12 10:51 3,698,688 ----a-w C:\WINDOWS\system32\nvvitvs.dll
    2007-11-12 10:51 3,407,872 ----a-w C:\WINDOWS\system32\nvgames.dll
    2007-11-12 10:51 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
    2007-11-12 10:51 229,376 ----a-w C:\WINDOWS\system32\nvmccs.dll
    2007-11-12 10:51 2,486,272 ----a-w C:\WINDOWS\system32\nvwss.dll
    2007-11-12 10:51 188,416 ----a-w C:\WINDOWS\system32\nvmccss.dll
    2007-11-12 10:51 155,716 ----a-w C:\WINDOWS\system32\nvsvc32.exe
    2007-11-12 10:51 147,456 ----a-w C:\WINDOWS\system32\nvcolor.exe
    2007-11-12 10:51 1,703,936 ----a-w C:\WINDOWS\system32\nvwdmcpl.dll
    2007-11-12 10:51 1,626,112 ----a-w C:\WINDOWS\system32\nwiz.exe
    2007-11-12 10:51 1,474,560 ----a-w C:\WINDOWS\system32\nview.dll
    2007-11-12 10:51 1,339,392 ----a-w C:\WINDOWS\system32\nvdspsch.exe
    2007-11-12 10:51 1,212,416 ----a-w C:\WINDOWS\system32\nvmobls.dll
    2007-11-12 10:51 1,089,536 ----a-w C:\WINDOWS\system32\nvcuda.dll
    2007-11-12 10:51 1,019,904 ----a-w C:\WINDOWS\system32\nvwimg.dll
    2007-11-02 23:00 359,808 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-27 21:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-27 02:31 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\Nero
    2007-10-27 02:30 --------- d-----w C:\Program Files\Common Files\Nero
    2007-10-27 02:27 --------- d-----w C:\Program Files\Nero
    2007-10-27 02:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
    2007-10-27 02:09 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-10-24 05:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
    2007-10-24 05:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll
    2007-10-24 05:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
    2007-10-24 05:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
    2007-10-22 17:56 --------- d-----w C:\Documents and Settings\KrypticChewie\Application Data\uTorrent
    2007-10-21 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-10-14 02:38 512 ----a-w C:\ScanSectorLog.dat
    2007-10-11 13:55 88,576 ----a-w C:\WINDOWS\system32\infocardapi.dll
    2007-10-11 13:55 579,584 ----a-w C:\WINDOWS\system32\icardagt.exe
    2007-10-11 13:55 11,776 ----a-w C:\WINDOWS\system32\icardres.dll
    2007-10-09 17:03 779,800 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
    2007-10-09 17:03 73,752 ----a-w C:\WINDOWS\system32\dxva2.dll
    2007-10-09 17:03 493,080 ----a-w C:\WINDOWS\system32\evr.dll
    2007-10-09 17:03 350,744 ----a-w C:\WINDOWS\system32\PresentationHost.exe
    2007-10-09 17:03 33,304 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
    2007-10-09 17:03 161,304 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
    2007-10-09 17:03 106,520 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2007-10-09 17:03 1,986,072 ----a-w C:\WINDOWS\system32\milcore.dll
    2007-10-09 16:58 16,896 ----a-w C:\WINDOWS\system32\tswpfwrp.exe
    2007-09-22 21:23 796,672 ----a-w C:\WINDOWS\GPInstall.exe
    2007-04-14 06:26 17,112,013 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_12_19_05_20_full.dmp.zip
    2007-04-14 06:26 17,066,422 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2007_04_09_10_34_14_full.dmp.zip
    2007-01-15 21:47 284 ----a-w C:\Documents and Settings\KrypticChewie\Application Data\ViewerApp.dat
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-22_10.53.33.64 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-03 15:21:38 25,096 ----a-w C:\WINDOWS\LastGood\system32\deltaIIasio.dll
    + 2007-12-03 15:21:40 727,560 ----a-w C:\WINDOWS\LastGood\system32\DeltaIICpl.exe
    + 2007-12-03 15:21:42 21,000 ----a-w C:\WINDOWS\LastGood\system32\DeltaIIpnl.dll
    + 2007-12-03 15:21:42 236,040 ----a-w C:\WINDOWS\LastGood\system32\DeltaIITray.exe
    + 2007-12-03 15:21:30 297,992 ----a-w C:\WINDOWS\LastGood\system32\drivers\deltaII.sys
    + 2004-08-04 03:08:00 60,288 ----a-w C:\WINDOWS\LastGood\system32\drivers\drmk.sys
    + 2004-08-04 03:15:22 140,928 ----a-w C:\WINDOWS\LastGood\system32\drivers\ks.sys
    + 2004-08-04 03:15:50 145,792 ----a-w C:\WINDOWS\LastGood\system32\drivers\portcls.sys
    + 2004-08-04 03:08:04 48,640 ----a-w C:\WINDOWS\LastGood\system32\drivers\stream.sys
    + 2004-08-04 04:56:44 4,096 ----a-w C:\WINDOWS\LastGood\system32\ksuser.dll
    + 2007-12-03 15:21:44 2,513,432 ----a-w C:\WINDOWS\LastGood\system32\pcifmdio.dll
    - 2007-12-22 03:31:56 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    + 2007-12-22 16:54:27 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    - 2007-12-22 14:53:02 671,732 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
    + 2007-12-22 16:53:57 675,428 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
    - 2007-12-21 15:01:31 7,287,357 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2007-12-22 15:06:03 7,302,616 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
    + 2007-12-22 16:54:14 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ResChanger 2005 "= "C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 19:30]
    "PowerPanel Personal Edition User Interaction "= "C:\Program Files\Energizer FileSaver\pppeuser.exe" [2005-07-19 14:25]
    "NVIDIA nTune "= "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
    "hddled.exe "=" " []
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" []
    "SpybotSD TeaTimer "= "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
    "Uniblue RegistryBooster 2 "= "C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "= "RUNDLL32.exe" [2004-08-04 00:56 C:\WINDOWS\system32\rundll32.exe]
    "GrooveMonitor "= "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00]
    "ZoneAlarm Client "= "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "M-Audio Taskbar Icon "= "C:\WINDOWS\System32\DeltaIITray.exe" [2007-12-03 11:21]
    "DeltaIITaskbarApp "= "C:\WINDOWS\system32\DeltaIITray.exe" [2007-12-03 11:21]

    C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\
    Active SMART.lnk - C:\Program Files\Active SMART\ActiveSMART.exe [2006-12-05 16:03:44]
    Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
    Ai Booster v2.00.68.lnk - C:\Program Files\ASUS\Ai Booster\OverClk.exe [2006-10-14 21:36:16]
    NVIDIA Monitor.lnk - C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe [2007-07-03 12:31:46]
    taskmgr.lnk - C:\WINDOWS\system32\taskmgr.exe [2004-08-04 00:56:58]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24]
    HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 19:50:52]
    SATARAID5.lnk - C:\Program Files\Silicon Image\3114 SATARAID5\sam.jar [2006-10-12 19:48:23]

    R2 hddledd;hddledd;C:\Program Files\HddLed\hddledd.exe [2007-11-13 16:43]
    R3 DELTAII;Service for M-Audio Delta Driver (WDM);C:\WINDOWS\system32\DRIVERS\deltaII.sys [2007-12-03 11:21]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver;C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 19:21]
    R3 WmFilter;Logitech Gaming HID Filter Driver;C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 19:21]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver;C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 19:21]
    S1 StarPort;StarPort Storage Controller;C:\WINDOWS\system32\DRIVERS\StarPort.sys []
    S2 ActiveSMART Service;ActiveSMART Service;C:\Program Files\Active SMART\ASmartService.exe [2007-11-15 16:40]
    S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
    S3 WmVirHid;Logitech Virtual Hid Device Driver;C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 19:21]
    S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 09:51]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0f0f44f-5a1c-11db-9ae2-806d6172696f}]
    \Shell\AutoRun\command - F:\ASUSACPI.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-21 15:20:59
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-21 15:21:32
    C:\ComboFix2.txt ... 2007-12-22 10:55
    .
    2007-12-17 00:35:19 --- E O F ---
     
  15. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    Extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
    CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+
    Percentage of Memory in Use: 39%
    Physical Memory (total/avail): 2047.48 MiB / 1229.54 MiB
    Pagefile Memory (total/avail): 5986.91 MiB / 5327.03 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1926.94 MiB

    C: is Fixed (NTFS) - 39.05 GiB total, 3.33 GiB free.
    D: is Fixed (NTFS) - 78.13 GiB total, 11.53 GiB free.
    E: is Fixed (NTFS) - 3.91 GiB total, 1.88 GiB free.
    F: is CDROM (No Media)
    G: is CDROM (No Media)
    I: is CDROM (No Media)
    J: is Fixed (NTFS) - 27.95 GiB total, 8.08 GiB free.
    K: is Fixed (NTFS) - 74.53 GiB total, 18.14 GiB free.

    \\.\PHYSICALDRIVE0 - ST3160812AS - 149.05 GiB - 4 partitions
    \PARTITION0 - Extended w/Extended Int 13 - 39.05 GiB - C:
    \PARTITION1 (bootable) - Installable File System - 78.13 GiB - D:
    \PARTITION2 - Installable File System - 3.91 GiB - E:
    \PARTITION3 - Installable File System - 27.95 GiB - J:

    \\.\PHYSICALDRIVE1 - ST3160812AS - 149.05 GiB - 0 partitions

    \\.\PHYSICALDRIVE2 - FUJITSU MHT2080AT USB Device - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.53 GiB - K:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.

    FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
    AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "= "%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe "= "C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus "
    "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe "= "C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service "
    "C:\\Program Files\\Messenger\\msmsgs.exe "= "C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\\Documents and Settings\\KrypticChewie\\Desktop\\utorrent-1.6.1-beta-build-483.exe "= "C:\\Documents and Settings\\KrypticChewie\\Desktop\\utorrent-1.6.1-beta-build-483.exe:*:Enabled:µTorrent "
    "C:\\Program Files\\MSN Messenger\\msncall.exe "= "C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) "
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "= "%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000 "
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "
    "C:\\Program Files\\MSN Messenger\\livecall.exe "= "C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "
    "C:\\Program Files\\uTorrent\\uTorrent.exe "= "C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent "
    "C:\\Documents and Settings\\KrypticChewie\\Desktop\\uTorrent.exe "= "C:\\Documents and Settings\\KrypticChewie\\Desktop\\uTorrent.exe:*:Enabled:µTorrent "
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook "
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove "
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote "


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\KrypticChewie\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=BLACKRAGE
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\KrypticChewie
    LOGONSERVER=\\BLACKRAGE
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\Program Files\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;; "C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier "; "C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier ";C:\Program Files\Common Files\iZotope\Runtimes;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;;.
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2302
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\KRYPTI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\KRYPTI~1\LOCALS~1\Temp
    tvdumpflags=8
    USERDOMAIN=BLACKRAGE
    USERNAME=KrypticChewie
    USERPROFILE=C:\Documents and Settings\KrypticChewie
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles ---------------------------------------------------------------

    KrypticChewie (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    3114 SATARAID5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
    Active SMART --> "C:\Program Files\Active SMART\unins000.exe "
    Adobe Audition 2.0 --> msiexec /I {01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}
    Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
    Adobe Bridge 1.0 --> MsiExec.exe /I{AE3D38A6-13B1-40B3-9423-D1FA9982FB6A}
    Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Help Center 2.0 --> MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
    Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
    AI - Series --> "C:\Program Files\AI - Series\AI - Series.scr" /S /Uninstall
    Ai Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74BF0A46-DF67-4D86-B038-BF0E51871B66}\Setup.exe" -l0x9
    Antares Autotune VST RTAS TDM v5.08 --> "C:\Program Files\Antares Audio Technologies\unins000.exe "
    ASIO4ALL --> C:\Program Files\ASIO4ALL v2\uninstall.exe
    ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x9
    Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
    Audio DVD Creator 1.9.1.0 --> "C:\Program Files\Goland\Audio DVD Creator\unins000.exe "
    AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe "
    BOINC --> MsiExec.exe /I{4E8EEF60-6CB1-4DE2-9528-D6626D718F42}
    BootLog XP --> "C:\Program Files\Greatis\BootLog XP\unins000.exe "
    Collab --> C:\Program Files\Image-Line\Collab\uninstall.exe
    Command & Conquer 3 --> MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
    Cool & Quiet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\Setup.exe" -l0x9
    Create and Print Greeting Cards 1.0 --> MsiExec.exe /I{84B1561B-4DE3-4FA8-8A08-805E553171EC}
    Delta --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe" -l0x9 -removeonly
    DivX Author 1.5 --> C:\Program Files\DivX\DivX Author 1.5\DivXAuthorUninstall.exe /DIVX_AUTHOR
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
    DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Dr. DivX 2.0 OSS --> C:\Program Files\DivX\Dr. DivX 2.0 OSS\Remove.exe
    DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe "
    DVDFab Decrypter 3.0.2.5 --> "C:\Program Files\DVDFab Decrypter 3\unins000.exe "
    Energizer FileSaver --> MsiExec.exe /I{4EE70958-D4CD-4BF2-9BC9-D74F8622A0A9}
    EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\setup.exe" -l0x9 -removeonly
    First Step Guide --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5EC786D5-C0CA-42E0-AF88-5379EF9D91EC}\setup.exe" -l0x9 UNINSTALL
    FL Studio v7.0 --> "C:\Program Files\Image-Line\FL Studio 7\unins000.exe "
    Free Download Manager 2.1 --> "C:\Program Files\Free Download Manager\unins000.exe "
    Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe "
    HddLed Indicator (remove only) --> "C:\Program Files\HddLed\uninstall.exe "
    HijackThis 2.0.2 --> "C:\Documents and Settings\KrypticChewie\Desktop\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe "
    Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe "
    HP Image Zone 4.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Photosmart Cameras 4.5 --> C:\Program Files\HP\Digital Imaging\{78FD2974-C98B-4b84-9E9F-1AEE16AE0029}\setup\hpzscr01.exe -datfile hpiscr01.dat
    HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
    IL Download Manager --> C:\Program Files\Image-Line\Downloader\uninstall.exe
    Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
    ImageMixer VCD2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
    Interactive User’s Guide --> MsiExec.exe /I{E786D4DB-EB0D-4474-ADC2-3C229BC17FCA}
    iZotope Ozone 3 --> "C:\Program Files\iZotope\Ozone 3\unins000.exe "
    iZotope Spectron --> "C:\Program Files\iZotope\Spectron\unins000.exe "
    iZotope Trash --> "C:\Program Files\iZotope\Trash\unins000.exe "
    iZotope Vinyl --> "C:\Program Files\iZotope\Vinyl\unins000.exe "
    J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
    Java 2 Runtime Environment, SE v1.4.2_04 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    K-Lite Mega Codec Pack 1.58 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe "
    Logitech Gaming Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
    Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
    Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe "
    Microsoft Bootvis --> MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe "
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
    Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
    Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe "
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Need for Speed™ Carbon --> D:\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
    Need for Speed™ Most Wanted --> D:\nfsx\EAUninstall.exe
    Nero 8 --> MsiExec.exe /X{90AABED0-25A8-41FC-B738-224889E31033}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
    PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
    PhotoThru --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31007303-BF55-459C-8B49-AB883DA68789}\Setup.exe" -l0x9
    Picture Package --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    ResChanger 2005 --> C:\WINDOWS\iun6002.exe "C:\Program Files\ResChanger 2005\irunin.ini "
    Sony DVD Architect 4.0 --> MsiExec.exe /X{5FFCABF2-B00D-4DCE-BFDC-D7689DD5C3F1}
    Sony Media Manager 2.2 --> MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
    Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
    Sony Vegas 7.0 --> MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    Starcraft --> C:\WINDOWS\SCunin.exe C:\WINDOWS\SCunin.dat
    System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
    Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta "
    UltraISO V7.65 ME --> "C:\Program Files\UltraISO\unins000.exe "
    Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Video Card Stability Test --> C:\Program Files\Video Card Stability Test\uninstall.exe
    Virtual Cable Tester --> MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
    Voice Editor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9725BC41-2DF8-491C-9450-B151152C7906}\Setup.exe" -l0x9 -removeonly
    WakeOnLan --> MsiExec.exe /I{16E74020-1961-4907-AB62-11B6F5B13324}
    Warcraft III: All Products --> C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
    Waves Diamond Bundle v5.2 --> C:\PROGRA~1\Waves\DIAMON~1\UNWISE.EXE C:\PROGRA~1\Waves\DIAMON~1\INSTALL.LOG
    Waves L3 v5.2 --> C:\PROGRA~1\Waves\UNINST~1\UNWISE.EXE C:\PROGRA~1\Waves\UNINST~1\INSTALL.LOG
    Waves Mercury Bundle --> C:\PROGRA~1\Waves\Logs\WAVESM~1\UNWISE.EXE C:\PROGRA~1\Waves\Logs\WAVESM~1\INSTALL.LOG
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe "
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll ",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe "
    Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe "
    Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Vista Upgrade Advisor --> MsiExec.exe /I{F80BA35D-D1CD-4B8B-8129-9FC918F9D42D}
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}
    XML Paper Specification Shared Components Pack 1.0 -->
    ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type2093 / Warning
    Event Submitted/Written: 12/20/2007 08:45:17 PM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Event Record #/Type2092 / Warning
    Event Submitted/Written: 12/20/2007 08:45:17 PM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Event Record #/Type2075 / Error
    Event Submitted/Written: 12/16/2007 08:47:50 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application update.exe, version 7.13.0.2, faulting module update.exe, version 7.13.0.2, fault address 0x0002ba11.
    Processing media-specific event for [update.exe!ws!]

    Event Record #/Type2067 / Error
    Event Submitted/Written: 12/16/2007 09:36:16 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application showtime.exe, version 4.1.0.0, faulting module msvcr80.dll, version 8.0.50727.1433, fault address 0x00008aa0.
    Processing media-specific event for [showtime.exe!ws!]

    Event Record #/Type2020 / Warning
    Event Submitted/Written: 12/15/2007 02:07:56 PM
    Event ID/Source: 63 / WinMgmt
    Event Description:
    A provider, OffProv12, has been registered in the WMI namespace, Root\MSAPPS12, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type20366 / Error
    Event Submitted/Written: 12/21/2007 09:26:43 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    kl1

    Event Record #/Type20344 / Error
    Event Submitted/Written: 12/21/2007 09:17:13 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    kl1

    Event Record #/Type20335 / Warning
    Event Submitted/Written: 12/21/2007 11:42:17 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type20319 / Error
    Event Submitted/Written: 12/20/2007 10:03:12 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    kl1

    Event Record #/Type20318 / Warning
    Event Submitted/Written: 12/20/2007 10:00:35 PM / 12/20/2007 10:00:56 PM
    Event ID/Source: 51 / Disk
    Event Description:
    An error was detected on device \Device\Harddisk0\D during a paging operation.



    -- End of Deckard's System Scanner: finished at 2007-12-22 08:20:14 ------------
     
  16. 2007/12/22
    krypticChewie

    System Repair Engineer log

    Code:
    
    2007-12-22,15:37:42
    
    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)
    
    Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed
    
    Follow item(s) have been choosed:
        All Boot Items (Including Registry, Startup Folders, Services and so on)
        Browser Add-ons
        Runing Processes (Including process model information)
        File Associations
        Winsock Provider
        Autorun.Inf
        HOSTS File
        Process Privileges Scan
    
    
    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
        <ResChanger 2005>< "C:\Program Files\ResChanger 2005\ResChanger2005.exe ">  [EVGA CORP]
        <PowerPanel Personal Edition User Interaction>< "C:\Program Files\Energizer FileSaver\pppeuser.exe ">  []
        <NVIDIA nTune>< "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear>  [N/A]
        <hddled.exe><>  [N/A]
        <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
        <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}>< "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe ">  [N/A]
        <SpybotSD TeaTimer><C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe>  [(Verified)Safer Networking Ltd.]
        <Uniblue RegistryBooster 2><C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
        <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
        <GrooveMonitor>< "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe ">  [(Verified)Microsoft Corporation]
        <ZoneAlarm Client>< "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ">  [(Verified)Check Point Software Technologies Ltd.]
        <SunJavaUpdateSched>< "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe ">  [(Verified) "Sun Microsystems, Inc."]
        <M-Audio Taskbar Icon><C:\WINDOWS\System32\DeltaIITray.exe>  [(Verified)M-Audio]
        <DeltaIITaskbarApp><C:\WINDOWS\system32\DeltaIITray.exe>  [(Verified)M-Audio]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
        <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
        <AppInit_DLLs><>  [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
        <{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>  [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
        <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
        <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
        <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
        <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
        <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
        <Microsoft Outlook Express 6>< "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
        <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
        <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
        <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
        <Address Book 6>< "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
        <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
    
    ==================================
    Startup Folders
    [Adobe Reader Speed Launch]
      <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
    [HP Digital Imaging Monitor]
      <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
    [HP Image Zone Fast Start]
      <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]><N>
    [SATARAID5]
      <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SATARAID5.lnk --> C:\PROGRA~1\SILICO~1\3114SA~1\sam.jar [N/A]><N>
    [Active SMART]
      <C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\Active SMART.lnk --> C:\PROGRA~1\ACTIVE~1\ACTIVE~1.EXE [Ariolic Software, Ltd. (http://www.ariolic.com)]><N>
    [Adobe Gamma]
      <C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\Adobe Gamma.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
    [Ai Booster v2.00.68]
      <C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\Ai Booster v2.00.68.lnk --> C:\PROGRA~1\ASUS\AIBOOS~1\OverClk.exe [N/A]><N>
    [NVIDIA Monitor]
      <C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\NVIDIA Monitor.lnk --> C:\PROGRA~1\NVIDIA~1\nTune\NVMONI~1.EXE [NVIDIA]><N>
    [taskmgr]
      <C:\Documents and Settings\KrypticChewie\Start Menu\Programs\Startup\taskmgr.lnk --> C:\WINDOWS\system32\taskmgr.exe [Microsoft Corporation]><N>
    
    ==================================
    Services
    [ActiveSMART Service / ActiveSMART Service][Stopped/Auto Start]
      <C:\Program Files\Active SMART\ASmartService.exe><Ariolic Software, Ltd. (http://www.ariolic.com)>
    [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
      < "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe "><Adobe Systems>
    [Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
      <C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
    [hddledd / hddledd][Running/Auto Start]
      <C:\Program Files\HddLed\hddledd.exe><N/A>
    [Windows CardSpace / idsvc][Stopped/Manual Start]
      < "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "><Microsoft Corporation>
    [MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Stopped/Manual Start]
      <C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR><Microsoft Corporation>
    [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
      <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
    [Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Stopped/Disabled]
      <C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
    [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
      < "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe "><Microsoft Corporation>
    [NMIndexingService / NMIndexingService][Stopped/Manual Start]
      < "C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe "><Nero AG>
    [nTune Service / nTuneService][Running/Auto Start]
      <C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService><NVIDIA>
    [NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
      <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
    [FileSaver Service / ppped][Running/Auto Start]
      < "C:\Program Files\Energizer FileSaver\ppped.exe "><N/A>
    [SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]
      <C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR><Microsoft Corporation>
    [TrueVector Internet Monitor / vsmon][Running/Auto Start]
      <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>
    
    ==================================
    Drivers
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
      <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [AMD Processor Driver / AmdK8][Running/System Start]
      <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
    [AsIO / AsIO][Running/System Start]
      <system32\drivers\AsIO.sys><N/A>
    [catchme / catchme][Stopped/Manual Start]
      <\??\C:\DOCUME~1\KRYPTI~1\LOCALS~1\Temp\catchme.sys><N/A>
    [Service for Delta Driver (WDM) / DELTA][Stopped/Manual Start]
      <system32\DRIVERS\delta.sys><N/A>
    [Service for M-Audio Delta Driver (WDM) / DELTAII][Running/Manual Start]
      <system32\DRIVERS\deltaII.sys><Avid Technology, Inc.>
    [Team MFP Comm Driver / DgiVecp][Running/Auto Start]
      <System32\Drivers\DgiVecp.sys><DeviceGuys, Inc.>
    [kl1 / kl1][Stopped/Boot Start]
      <\SystemRoot\System32\Drivers\kl1.sys><N/A>
    [KLIF / KLIF][Running/System Start]
      <system32\DRIVERS\klif.sys><Kaspersky Lab>
    [ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
      <system32\DRIVERS\ASACPI.sys><>
    [nv / nv][Running/Manual Start]
      <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
    [nvata / nvata][Running/Boot Start]
      <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
    [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
      <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
    [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
      <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
    [NVR0Dev / NVR0Dev][Running/Manual Start]
      <\??\C:\WINDOWS\nvoclock.sys><NVidia Corp.>
    [Low level access layer for CD devices / Pcouffin][Running/Manual Start]
      <System32\Drivers\Pcouffin.sys><VSO Software>
    [Padus ASPI Shell / pfc][Running/Manual Start]
      <system32\drivers\pfc.sys><Padus, Inc.>
    [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
      <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
      <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
    [Secdrv / Secdrv][Running/Auto Start]
      <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [SiI-3114 SoftRaid 5 Controller / Si3114r5][Running/Boot Start]
      <\SystemRoot\system32\DRIVERS\Si3114r5.sys><Silicon Image, Inc>
    [SATALink driver accelerator / SiFilter][Running/Boot Start]
      <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
    [Sony Digital Imaging Video2 / sonypvs1][Stopped/Manual Start]
      <system32\DRIVERS\sonypvs1.sys><Sony Corporation>
    [sptd / sptd][Running/Boot Start]
      <\SystemRoot\System32\Drivers\sptd.sys><N/A>
    [srescan / srescan][Running/Boot Start]
      <\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
    [StarPort Storage Controller / StarPort][Stopped/System Start]
      <system32\DRIVERS\StarPort.sys><N/A>
    [vsdatant / vsdatant][Running/System Start]
      <System32\vsdatant.sys><Zone Labs, LLC>
    [WBHWDOCT / WBHWDOCT][Stopped/Manual Start]
      <\??\C:\Program Files\Winbond Electronics Corp\Voice Editor\WBHWDOCT.SYS><Winbond Electronics Corp.>
    [Logitech Virtual Bus Enumerator Driver / WmBEnum][Running/Manual Start]
      <system32\drivers\WmBEnum.sys><Logitech Inc.>
    [Logitech Gaming HID Filter Driver / WmFilter][Running/Manual Start]
      <system32\drivers\WmFilter.sys><Logitech Inc.>
    [Logitech Virtual Hid Device Driver / WmVirHid][Stopped/Manual Start]
      <system32\drivers\WmVirHid.sys><Logitech Inc.>
    [Logitech WingMan Translation Layer Driver / WmXlCore][Running/Manual Start]
      <system32\drivers\WmXlCore.sys><Logitech Inc.>
    [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
      <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
    [NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
      <system32\DRIVERS\yk51x86.sys><Marvell>
    
    ==================================
    Browser Add-ons
    [AcroIEHlprObj Class]
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Spybot-S&D IE Protection]
      {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [Groove GFS Browser Helper]
      {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, Microsoft Corporation>
    [SSVHelper Class]
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Windows Live Sign-in Helper]
      {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [FDMIECookiesBHO Class]
      {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Program Files\Free Download Manager\iefdmcks.dll, N/A>
    [Java Plug-in 1.6.0_03]
      {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Send to OneNote from Internet Explorer button]
      {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll, Microsoft Corporation>
    [&Research]
      {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
    [Spybot-S&D IE Protection]
      {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    []
      {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    [Messenger]
      {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
    [MSN Photo Upload Tool]
      {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, N/A>
    [Windows Live Safety Center Base Module]
      {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, N/A>
    [WUWebControl Class]
      {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Java Plug-in 1.6.0_03]
      {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Crucial cpcScan]
      {A90A5822-F108-45AD-8482-9BC8B12DD539} <C:\WINDOWS\Downloaded Program Files\cpcScan.dll, N/A>
    [Java Plug-in 1.4.2_04]
      {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_11]
      {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_01]
      {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
      {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
      {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
      {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    [AcroIEHlprObj Class]
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Windows Genuine Advantage Validation Tool]
      {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
    [InformationCardSigninHelper Class]
      {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
    [Microsoft Visio Document]
      {279D6C9A-652E-4833-BEFC-312CA8887857} <C:\PROGRA~1\MI1933~1\Office12\VVIEWER.DLL, Microsoft Corporation>
    [XML DOM Document]
      {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
    [HtmlDlgSafeHelper Class]
      {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
    [Tabular Data Control]
      {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
    [MSN Photo Upload Tool]
      {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, N/A>
    [Spybot-S&D IE Protection]
      {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
    [isInstalled Class]
      {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre1.6.0_03\bin\wsdetect.dll, Sun Microsystems, Inc.>
    [Windows Live Safety Center Base Module]
      {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, N/A>
    [WUWebControl Class]
      {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Groove GFS Browser Helper]
      {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, Microsoft Corporation>
    [SSVHelper Class]
      {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Windows Live Safety Center Control Module]
      {8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation>
    [Windows Live Sign-in Helper]
      {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Crucial cpcScan]
      {A90A5822-F108-45AD-8482-9BC8B12DD539} <C:\WINDOWS\Downloaded Program Files\cpcScan.dll, N/A>
    [SearchAssistantOC]
      {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
    [FDMIECookiesBHO Class]
      {CC59E0F9-7E43-44FA-9FAA-8377850BF205} <C:\Program Files\Free Download Manager\iefdmcks.dll, N/A>
    [Windows Live Sign-in Control]
      {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Shockwave Flash Object]
      {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
    []
      {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
    [XML HTTP Request]
      {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML DOM Document 3.0]
      {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    [XML HTTP 3.0]
      {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
    [Download all with Free Download Manager]
      <file://C:\Program Files\Free Download Manager\dlall.htm, N/A>
    [Download selected with Free Download Manager]
      <file://C:\Program Files\Free Download Manager\dlselected.htm, N/A>
    [Download with Free Download Manager]
      <file://C:\Program Files\Free Download Manager\dllink.htm, N/A>
    [E&xport to Microsoft Excel]
      <res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000, N/A>
    
    ==================================
    Running Processes
    [PID: 880 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 932 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 960 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1004 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1016 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1176 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1236 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1380 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1500 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1672 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
     
  17. 2007/12/22
    krypticChewie

    log part 2

    [PID: 1740 / SYSTEM][C:\WINDOWS\system32\ZoneLabs\vsmon.exe] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\VSUTIL.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\VSINIT.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\zpeng24.dll] [Python Software Foundation, 2.4.2]
    [C:\WINDOWS\system32\ZoneLabs\dbghelp.dll] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]
    [C:\WINDOWS\system32\zonelabs\lib\pyd\signedDll.pyd] [N/A, ]
    [C:\WINDOWS\system32\zonelabs\lib\pyd\pyvsinit.pyd] [N/A, ]
    [C:\WINDOWS\system32\zonelabs\lib\pyd\pyexpat.pyd] [N/A, ]
    [C:\WINDOWS\system32\zonelabs\lib\pyd\_socket.pyd] [N/A, ]
    [C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\vsmondll.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\VSDATA.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\ssleay32.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\vsxml.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\fbl.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\zlcomm.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZLCommDB.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\vsdb.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\VSRULEDB.DLL] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\vsvault.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\vswmi.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\av.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll] [Kaspersky Lab., 5, 0, 1, 82]
    [C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll] [N/A, ]
    [C:\WINDOWS\system32\ZoneLabs\imsecure.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll] [Kaspersky Lab, 6.0.5.678]
    [C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\qrbase.dll] [Zone Labs, LLC, 5, 0, 187, 0]
    [C:\WINDOWS\system32\ZoneLabs\scheduler.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\zlsre.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\srescan.dll] [Zone Labs, LLC, 5, 0, 187, 0]
    [C:\WINDOWS\system32\ZoneLabs\zlupdate.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll] [N/A, ]
    [C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\camupd.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\vsavpro.dll] [Zone Labs, LLC, 7.0.462.000]
    [PID: 1900 / KrypticChewie][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll] [Nero AG, 3, 1, 0, 8]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 5, 0, 8]
    [C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll] [Nero AG, 3, 1, 0, 0]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\WinZip\wzshlstb.dll] [WinZip Computing LP, 4.1 (32-bit)]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.6909]
    [C:\WINDOWS\system32\nvshell.dll] [, ]
    [C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll] [Nero AG, 3, 1, 1, 0]
    [C:\Program Files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll] [Nero AG, 1,1,0, 207]
    [PID: 600 / SYSTEM][C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe] [N/A, ]
    [C:\WINDOWS\system32\ZoneLabs\avsys\fssync.dll] [Kaspersky Lab, 6.0.5.678]
    [C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll] [Kaspersky Lab, 6.0.2.678]
    [C:\WINDOWS\system32\ZoneLabs\avsys\prkernel.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avpmgr.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\wdiskio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\nfio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\fsdrvplg.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avlib.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\dtreg.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\prutil.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avp1.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\l_llio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\ichk2.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\sfdb.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\ichksa.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\mkavio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\hashmd5.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\hashcont.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\hccmp.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\iwgen.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\uniarc.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\minizip.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\cab.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\arj.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\rar.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\lha.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\mdb.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\msoe.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\tempfile.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avpgs.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\thpimpl.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\dmap.ppl] [Kaspersky Lab, 6.0.2.678]
    [PID: 672 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SPPB2LMK.DLL] [Samsung Electronics., 1.1.2.0]
    [C:\WINDOWS\system32\SUGS1LMK.DLL] [Samsung Electronics., 1.1.2.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)]
    [PID: 792 / SYSTEM][C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe] [N/A, ]
    [C:\WINDOWS\system32\ZoneLabs\avsys\fssync.dll] [Kaspersky Lab, 6.0.5.678]
    [C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll] [Kaspersky Lab, 6.0.2.678]
    [C:\WINDOWS\system32\ZoneLabs\avsys\prkernel.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avpmgr.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\wdiskio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\nfio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\fsdrvplg.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avlib.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\dtreg.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\prutil.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avp1.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\l_llio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\ichk2.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\sfdb.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\ichksa.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\mkavio.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\hashmd5.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\hashcont.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\hccmp.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\iwgen.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\uniarc.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\minizip.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\cab.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\arj.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\rar.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\lha.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\mdb.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\msoe.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\tempfile.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\avpgs.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\thpimpl.ppl] [Kaspersky Lab, 6.0.2.678]
    [c:\windows\system32\zonelabs\avsys\dmap.ppl] [Kaspersky Lab, 6.0.2.678]
    [PID: 1512 / SYSTEM][C:\Program Files\HddLed\hddledd.exe] [N/A, ]
    [PID: 1548 / SYSTEM][C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe] [NVIDIA, 5.05.47]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll] [NVIDIA, 5.05.47]
    [C:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll] [NVIDIA, 5.05.47]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6909]
    [PID: 1728 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.6909]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6909]
    [PID: 1732 / SYSTEM][C:\Program Files\Energizer FileSaver\ppped.exe] [N/A, ]
    [PID: 532 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1928 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2840 / KrypticChewie][C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe] [Microsoft Corporation, 12.0.6211.1000]
    [PID: 2856 / KrypticChewie][C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\VSUTIL.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\VSINIT.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\VSPUBAPI.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\framewrk.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\zpeng24.dll] [Python Software Foundation, 2.4.2]
    [C:\WINDOWS\system32\ZoneLabs\dbghelp.dll] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]
    [C:\WINDOWS\system32\ZoneLabs\fbl.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\vsdata.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\vsxml.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd] [, 1, 0, 0, 0]
    [C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd] [N/A, ]
    [C:\WINDOWS\system32\vsmonapi.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\zlcomm.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZLCommDB.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\scheduler.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\alert.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\email.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\filter.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\firewall.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\idlock.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\imsecure.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\LIBEAY32_0.9.6l.dll] [N/A, ]
    [C:\Program Files\Zone Labs\ZoneAlarm\privacy.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\programs.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\scan.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\av.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\security.zap] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\zlsre.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\camupd.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\zlparser.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\WINDOWS\system32\ZoneLabs\imsecure.dll] [Zone Labs, LLC, 7.0.462.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [PID: 2868 / KrypticChewie][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
    [PID: 2896 / KrypticChewie][C:\WINDOWS\System32\DeltaIITray.exe] [, 5.10.00.5065]
    [PID: 2972 / KrypticChewie][C:\Program Files\ResChanger 2005\ResChanger2005.exe] [EVGA CORP, 1.0.0.0]
    [PID: 3032 / KrypticChewie][C:\Program Files\Energizer FileSaver\pppeuser.exe] [N/A, ]
    [PID: 3076 / KrypticChewie][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3168 / KrypticChewie][C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] [Safer Networking Limited, 1, 5, 0, 9]
    [C:\Program Files\Spybot - Search & Destroy\advcheck.dll] [Safer Networking Limited, 1, 5, 3, 0]
    [PID: 3296 / KrypticChewie][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 45.4.157.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 45.4.157.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 45.4.157.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 45.4.157.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 45.4.157.000]
    [C:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll] [Hewlett-Packard, 4.5.0.133]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\HP\Digital Imaging\Unload\HpqUnRes.dll] [Hewlett-Packard, 4.5.0.133]
    [C:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll] [, 4.5.0.133]
    [PID: 3632 / KrypticChewie][C:\Program Files\ASUS\Ai Booster\OverClk.exe] [N/A, ]
    [C:\PROGRA~1\ASUS\AIBOOS~1\SpinWnd.ocx] [ASUSTek Inc., 1, 0, 0, 1]
    [C:\Program Files\ASUS\Ai Booster\AOverClk.dll] [ASUSTeK COMPUTER INC., 1.0.0.0]
    [C:\WINDOWS\system32\AsIO.dll] [, 1, 0, 0, 1]
    [C:\Program Files\ASUS\Ai Booster\cpuutil.dll] [N/A, ]
    [C:\Program Files\ASUS\Ai Booster\soundplay.dll] [N/A, ]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [PID: 3740 / KrypticChewie][C:\Program Files\NVIDIA Corporation\nTune\NVMonitor.exe] [NVIDIA, 5.05.47]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\NVIDIA Corporation\nTune\NvmonENU.dll] [NVIDIA, 5.05.47]
    [C:\Program Files\NVIDIA Corporation\nTune\NvsuLib.dll] [NVIDIA, 5.05.47]
    [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.6909]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [PID: 3772 / KrypticChewie][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 3852 / KrypticChewie][C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe] [ , 5, 0, 6, 8903]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mtdsdk.dll] [N/A, ]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\crsrpt.dll] [, 5, 0, 6, 8903]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\resources\mbzaenu.dll] [N/A, ]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [PID: 312 / KrypticChewie][C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe] [Hewlett-Packard Co., 045.004.157.000]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.2407]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_df1b73dd\mscorlib.dll] [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_e6553cdc\system.windows.forms.dll] [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_3dcb08c3\system.dll] [N/A, ]
    [c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e027a66a\system.drawing.dll] [N/A, ]
    [c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll] [Hewlett-Packard Co., 045.004.157.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [ , 3.0.0.0]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 45.4.157.000]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b98f416f\system.xml.dll] [N/A, ]
    [c:\windows\assembly\gac\lead\13.0.0.89__9cf889f53ea9b907\lead.dll] [LEAD Technologies, Inc., 13.0.0.89]
    [c:\windows\assembly\gac\lead.wrapper\13.0.0.89__9cf889f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc., 13.0.0.89]
    [C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc., 13.0.0.098]
    [c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\lead.windows.forms\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.dll] [LEAD Technologies, Inc., 13.0.0.89]
    [c:\windows\assembly\gac\lead.drawing\13.0.0.89__9cf889f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc., 13.0.0.89]
    [c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll] [ , 1.0.0.0]
    [C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Co., 45.4.157.000]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71ENU.DLL] [Microsoft Corporation, 7.10.3077.0]
    [c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll] [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\hp\digital imaging\bin\hpqmirsc.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.89__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll] [LEAD Technologies, Inc., 13.0.0.89]
    [c:\windows\assembly\gac\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.89__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll] [LEAD Technologies, Inc., 13.0.0.89]
    [c:\windows\assembly\gac\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\interop.hpdarc\1.0.0.0__19565c63d39c2842\interop.hpdarc.dll] [ , 1.0.0.0]
    [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll] [ , 3.0.0.0]
    [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll] [Hewlett-Packard Co., 045.004.157.000]
    [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll] [Hewlett-Packard Co., 045.004.157.000]
    [PID: 2492 / KrypticChewie][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7]
    [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial]
    [C:\Program Files\Free Download Manager\Firefox\Extension\components\component.dll] [N/A, ]
    [C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.64]
    [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.11: 2007112718]
    [C:\Program Files\Mozilla Firefox\plugins\npnul32.dll] [mozilla.org, 1, 0, 0, 15]
    [PID: 1132 / KrypticChewie][C:\Documents and Settings\KrypticChewie\Desktop\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mlfhook.dll] [, 5, 0, 6, 8903]
    [C:\Documents and Settings\KrypticChewie\Desktop\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. [ "%1" %*]
    .COM OK. [ "%1" %*]
    .PIF OK. [ "%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. [ "%1" %*]
    .SCR Error. [ "%1" /S "%3"]
    .CHM OK. [ "C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 600, C:\WINDOWS\SYSTEM32\ZONELABS\AVSYS\SCANNINGPROCESS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 792, C:\WINDOWS\SYSTEM32\ZONELABS\AVSYS\SCANNINGPROCESS.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1728, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1732, C:\PROGRAM FILES\ENERGIZER FILESAVER\PPPED.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2972, C:\PROGRAM FILES\RESCHANGER 2005\RESCHANGER2005.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3032, C:\PROGRAM FILES\ENERGIZER FILESAVER\PPPEUSER.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3296, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3632, C:\PROGRAM FILES\ASUS\AI BOOSTER\OVERCLK.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3740, C:\PROGRAM FILES\NVIDIA CORPORATION\NTUNE\NVMONITOR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 312, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE]

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================


    [/CODE]
     
  18. 2007/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks as though the infections are cleaned up. I am curious about some things though.

    From the extra.txt log.

    Event Record #/Type20319 / Error
    Event Submitted/Written: 12/20/2007 10:03:12 PM
    Event ID/Source: 7026 / Service Control Manager
    Event Description:
    The following boot-start or system-start driver(s) failed to load:
    kl1

    This refers to Kaspersky antivirus. Did you have it installed at one time?
     
  19. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    That actually refers to the Kaspersky engine which is used by Zone Alarm Security Suite. That is apparently normal and will be fixed in an upcoming release according to Zone Labs.
     
  20. 2007/12/22
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Good to know. Thanks! :)

    extra.txt log suggests that you have 3 hard drives - 2 internal? and 1 USB, and 3 cd-rom drives. Is that correct?

    Can you check if startup hangs if all but the drive containing the operating system is attached?
     
  21. 2007/12/22
    krypticChewie

    krypticChewie Inactive Thread Starter

    Joined:
    2007/04/15
    Messages:
    178
    Likes Received:
    0
    It is quite difficult to open the machine where it is. I'll have to put down another and move to get into this one. Is there another way I could do this?
     
