Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My computer(PC) doesn't switch on, on normal mode.

Re: My computer(PC) doesn't switch on, on normal mode.

Post by hamzah95 » February 11th, 2008, 9:29 am

Thanks a lot for your help, especially for that SmitfraudCCoreServices and the popups, really appreciated it.
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Post by Katana » February 11th, 2008, 11:51 am

hamzah95 wrote: if u haven't noticed, I said:

hamzah95 wrote: I had to repair my Windows XP so I did that. This is My COMBOFIX log as requested (from normal mode, because I repaired the windows).

so my windows is working properly (in normal mode), but when it starts up, it goes to the windows xp logo and jams for about 1min and then it continues.

And anyway to disable NETNANNY without the real password?


I had read that, but the latest ComboFix log shows it was run in safe mode, so I presumed the problem had reoccurred.

Does it only hang when you boot to normal mode, or does it happen in safe mode as well?
There is no evidence of NetNanny being installed. If it has been configured to hide itself then it will be very difficult to remove.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Post by hamzah95 » February 11th, 2008, 12:07 pm

Sorry about that. Net nanny wasn't letting combofix run in normal mode.
It only hangs on normal mode startup.


And here is my updated installed software list:

7-Zip 4.20
Active Security Monitor 2.0.0.18
Adobe Flash Player ActiveX
Adobe Shockwave Player
BiniQDU
Browser Optimizer Rightonadz
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
Drug Lord 2
EAX Unified
EPSON Printer Software
Feeding Frenzy 2
FlyFF Resource Manager
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Video Player
Gutterball 2
HijackThis 2.0.2
HyperCam 2
ImageMixer
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
IsoBuster 1.9.1
Kaspersky Anti-Virus 7.0
Kaspersky Anti-Virus 7.0
Kaspersky Online Scanner
KRyLack Password Recovery
Magic Ball 2 New Worlds
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Microsoft .NET Framework 2.0
Microsoft DirectX SDK (November 2007)
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Logo
MicroStaff WINASPI
MSN Music Assistant
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Nero - Burning Rom
Nero 7 Premium
Net Nanny Parental Controls 5.6
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Updater
On2 VP7 Personal Edition
pak.zip
Panda TotalScan
Picture Package Music Transfer
Premium Booster
Quake 3 Arena Demo
QuickTime
RealPlayer
Realtek AC'97 Audio
ronaldo screensaver
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Task Manager 1.7e
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Snooker147 & Poolster (Shareware Demo) 1.3
Snooker147 1.0 (Shareware)
Sony Picture Utility
Sony USB Driver
SpeedFan (remove only)
Spybot - Search & Destroy 1.4
Symantec Technical Support Web Controls
Update for Outlook 2007 Junk Email Filter (kb943597)
VideoCAM GF112
VP6 Decoder
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
WinRAR archiver
WinZip
XMLinst
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! Messenger
ZoneAlarm Spy Blocker
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Post by Katana » February 11th, 2008, 1:02 pm

Have you looked at this page regarding NetNanny?
http://www.cexx.org/censware.htm


Try this for the slow boot.

Download WinPatrol. It is an excellent startup manager and then some!

Install WinPatrol, and when it is running click on the Startup Programs tab.
The following items can safely be disabled:

[HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
[IgfxTray] C:\WINDOWS\system32\igfxtray.exe
[NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
[NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
[QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
[TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
[GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
[SoundMan] SOUNDMAN.EXE
[SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
[ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
[msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet


Just click on each item and then click Disable.

Reboot your computer and see if that has helped the boot time.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Post by hamzah95 » February 11th, 2008, 2:05 pm

Even though it was blocked, I used an unblocker to see what's on it but nothing useful was on it and I read the part about the NetNanny. The password (~frontdoor) doesn't work and all the other instructions also don't help. Any other way you can find?
plz remember that this is like the latest version of NetNanny so it's gonna be even harder and there is no running process called that ocraware or wann32.dll (something like that). I will try that booting software tomorrow.


Thanks again, but plz keep on trying to get the netnanny disabled, thanks
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Post by Katana » February 11th, 2008, 3:41 pm

When did you install NetNanny?


Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your reply.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Post by hamzah95 » February 11th, 2008, 10:13 pm

2 days ago (installed Net Nanny)

And here is that main notepad scan:


Deckard's System Scanner v20071014.68
Run by Hamza on 2008-02-12 05:57:54
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
21: 2008-02-12 01:58:43 UTC - RP21 - Deckard's System Scanner Restore Point
20: 2008-02-10 17:42:19 UTC - RP20 - Software Distribution Service 3.0
19: 2008-02-10 16:54:12 UTC - RP19 - Software Distribution Service 3.0
18: 2008-02-10 12:49:56 UTC - RP18 - ComboFix created restore point
17: 2008-02-10 12:41:36 UTC - RP17 - Removed Java(TM) 6 Update 3


-- First Restore Point --
1: 2008-02-06 15:27:40 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 85% (more than 75%).
Total Physical Memory: 510 MiB (512 MiB recommended).


-- HijackThis (run as Hamza.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:05, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Installing programs\downloads\dss.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Hamza.exe

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 9972 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080131-195724-916 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
backup-20080131-195912-342 O1 - Hosts: 69.57.152.127 auto.search.msn.com
backup-20080131-195912-528 O1 - Hosts: 69.57.152.127 auto.search.msn.es
backup-20080131-195912-531 O18 - Filter hijack: text/html - (no CLSID) - (no file)
backup-20080131-195912-538 O4 - HKCU\..\Run: [Dash Axis] C:\DOCUME~1\Hamza\APPLIC~1\SHIMRE~1\Type Poke Title.exe
backup-20080131-195912-560 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
backup-20080131-195912-670 O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
backup-20080131-195912-737 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080131-195912-869 O4 - HKLM\..\Run: [STYLENURBLOGOLITE] C:\Documents and Settings\All Users\Application Data\Liveinfostylenurb\Title first.exe
backup-20080131-195912-923 O1 - Hosts: 69.57.152.127 pagead2.googlesyndication.com

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 SMBios (Intel (R) System Management BIOS Service) - c:\windows\system32\drivers\smbios.sys <Not Verified; Intel Corporation; Intel (R) System Management BIOS Driver>

S3 catchme - c:\docume~1\hamza\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 LMImirr - c:\windows\system32\drivers\lmimirr.sys (file missing)
S3 NPPTNT2 - c:\windows\system32\npptnt2.sys <Not Verified; INCA Internet Co., Ltd.; nProtect NPSC Kernel Mode Driver for NT>
S3 PIXMCV (JVC Communication PIX-MCV Driver) - c:\windows\system32\drivers\pixmcvc.sys <Not Verified; Pixela; PIX-MCV Communication Driver (WinMe/2000/XP)>
S3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CwAltaService20 (ContentWatch) - c:\program files\contentwatch\internet protection\cwsvc.exe <Not Verified; ContentWatch, Inc.; Alta>

S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-01-12 and 2008-02-12 -----------------------------

2008-02-11 16:03:28 0 drahs---- C:\autorun.inf
2008-02-10 18:24:06 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\KRyLack Password Recovery
2008-02-10 18:17:30 0 d-------- C:\Documents and Settings\Guest\Application Data\SiteAdvisor
2008-02-10 18:17:29 0 d-------- C:\Documents and Settings\Guest\Application Data\Sereniti
2008-02-10 18:07:32 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Macromedia
2008-02-10 18:07:09 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Adobe
2008-02-10 18:05:39 0 dr-h----- C:\Documents and Settings\Hamza_2\Application Data\yahoo!
2008-02-10 18:04:26 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Google
2008-02-10 17:44:35 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\SiteAdvisor
2008-02-10 17:44:35 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Sereniti
2008-02-10 17:44:27 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Real
2008-02-10 17:43:54 0 d-------- C:\Documents and Settings\Hamza_2\Application Data\Identities
2008-02-10 17:42:55 0 dr-h----- C:\Documents and Settings\Hamza_2\SendTo
2008-02-10 17:42:55 0 dr-h----- C:\Documents and Settings\Hamza_2\Recent
2008-02-10 17:42:55 0 d--h----- C:\Documents and Settings\Hamza_2\PrintHood
2008-02-10 17:42:55 0 d--h----- C:\Documents and Settings\Hamza_2\NetHood
2008-02-10 17:42:55 0 dr------- C:\Documents and Settings\Hamza_2\My Documents
2008-02-10 17:42:55 0 d--h----- C:\Documents and Settings\Hamza_2\Local Settings
2008-02-10 17:42:55 0 dr------- C:\Documents and Settings\Hamza_2\Favorites
2008-02-10 17:42:55 0 d-------- C:\Documents and Settings\Hamza_2\Desktop
2008-02-10 17:42:55 0 d---s---- C:\Documents and Settings\Hamza_2\Cookies
2008-02-10 17:42:55 0 dr-h----- C:\Documents and Settings\Hamza_2\Application Data
2008-02-10 17:42:55 0 d---s---- C:\Documents and Settings\Hamza_2\Application Data\Microsoft
2008-02-10 17:42:54 0 d--h----- C:\Documents and Settings\Hamza_2\Templates
2008-02-10 17:42:54 0 dr------- C:\Documents and Settings\Hamza_2\Start Menu
2008-02-10 17:42:54 1572864 --ah----- C:\Documents and Settings\Hamza_2\NTUSER.DAT
2008-02-10 17:41:07 0 d-------- C:\Documents and Settings\LocalService\ContentWatch
2008-02-10 17:38:52 2048000 --a------ C:\WINDOWS\system32\python25.dll <Not Verified; Python Software Foundation; Python>
2008-02-10 17:38:48 295424 --a------ C:\WINDOWS\system32\wxIE.dll <Not Verified; ContentWatch, Inc.; Alta>
2008-02-10 17:38:48 40960 --a------ C:\WINDOWS\system32\SPORDER.EXE <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-02-10 17:38:45 908288 --a------ C:\WINDOWS\system32\libxml2_CW.dll
2008-02-10 17:38:45 151552 --a------ C:\WINDOWS\system32\libexpat.dll
2008-02-10 17:38:43 346624 --a------ C:\WINDOWS\system32\cwalsp.dll <Not Verified; ContentWatch, Inc.; Alta>
2008-02-10 17:38:43 1843200 --a------ C:\WINDOWS\system32\AltaRecovery.exe <Not Verified; ContentWatch, Inc.; Alta>
2008-02-10 17:38:41 516096 --a------ C:\WINDOWS\system32\wxmsw28u_xrc_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:41 110592 --a------ C:\WINDOWS\system32\wxmsw28u_media_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:41 495616 --a------ C:\WINDOWS\system32\wxmsw28u_html_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:41 2899968 --a------ C:\WINDOWS\system32\wxmsw28u_core_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 712704 --a------ C:\WINDOWS\system32\wxmsw28u_adv_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 135168 --a------ C:\WINDOWS\system32\wxbase28u_xml_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 1220608 --a------ C:\WINDOWS\system32\wxbase28u_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:40 135168 --a------ C:\WINDOWS\system32\wxbase28u_net_vc_CW.dll <Not Verified; wxWidgets development team; wxWidgets>
2008-02-10 17:38:36 0 d-------- C:\Program Files\ContentWatch
2008-02-10 17:38:36 0 d-------- C:\Documents and Settings\All Users\Application Data\ContentWatch
2008-02-10 17:37:09 0 d-------- C:\Documents and Settings\Hamza\ContentWatch
2008-02-09 15:30:23 0 d-------- C:\Program Files\Panda Security
2008-02-07 21:35:40 0 d-------- C:\Documents and Settings\Hamza\Application Data\Malwarebytes
2008-02-07 21:35:34 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-07 21:35:34 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-07 21:00:55 0 d-------- C:\WINDOWS\ERUNT
2008-02-07 19:35:05 91700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-02-07 19:35:05 85860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-02-07 19:34:17 148256 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-02-07 19:34:17 3343904 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-02-07 19:34:16 0 d-------- C:\Program Files\Kaspersky Lab
2008-02-07 18:18:45 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-07 18:18:45 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-07 18:18:45 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-07 18:18:45 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-07 17:40:27 0 d-------- C:\kav
2008-02-07 17:13:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-07 17:12:58 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-07 16:12:53 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-02-07 16:12:52 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-07 16:12:38 0 d-------- C:\Program Files\SiteAdvisor
2008-02-07 16:12:25 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-07 16:12:24 0 d-------- C:\Documents and Settings\Hamza\Application Data\SiteAdvisor
2008-02-07 16:12:24 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-07 10:59:57 0 dr-h----- C:\$VAULT$.AVG
2008-02-06 19:53:33 0 d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-02-06 19:15:18 0 d-------- C:\WINDOWS\Prefetch
2008-02-06 17:06:04 0 d-------- C:\WINDOWS\setup.pss
2008-02-05 17:22:22 0 d-------- C:\Program Files\ACW
2008-02-04 16:10:12 2518 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-04 16:09:54 25600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-04 16:09:54 289144 --a------ C:\WINDOWS\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-02-04 16:09:54 83456 --a------ C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-02-04 16:09:54 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-02-04 16:09:54 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-02-04 16:09:54 81920 --a------ C:\WINDOWS\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-02-04 16:09:54 51200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-03 21:07:11 0 d--hs---- C:\WINDOWS\CSC
2008-02-02 09:52:01 0 d-------- C:\Documents and Settings\Guest\Application Data\AVG7
2008-02-01 20:10:04 70129 --a------ C:\AVG7QT.DAT
2008-02-01 19:58:43 0 d-------- C:\Documents and Settings\Hamza\Application Data\AVG7
2008-02-01 19:58:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-01 19:58:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-01 15:08:46 0 d-------- C:\Program Files\ZoneAlarmSB
2008-02-01 15:07:51 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-02-01 15:07:41 4212 --ah----- C:\WINDOWS\system32\zllictbl.dat
2008-02-01 15:07:13 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-02-01 15:06:24 0 d-------- C:\WINDOWS\Internet Logs
2008-02-01 12:32:56 0 d-------- C:\Program Files\Eusing Free Registry Cleaner
2008-02-01 11:48:09 0 d-------- C:\Program Files\Premium Booster
2008-02-01 11:43:38 0 d-------- C:\Program Files\Advanced Registry Doctor
2008-02-01 11:08:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 17:45:00 0 d-------- C:\Program Files\SpeedFan
2008-01-31 16:20:38 0 d--hs---- C:\FOUND.000
2008-01-31 15:31:20 0 d-------- C:\Program Files\Common Files\PC Tools
2008-01-31 15:31:16 0 d-------- C:\Program Files\PC Tools AntiVirus
2008-01-29 20:31:25 0 d-------- C:\Program Files\filesubmit
2008-01-24 18:14:24 0 d-------- C:\Program Files\Common Files\INCA Shared
2008-01-18 15:21:40 0 d-------- C:\Program Files\NoAdware5.0
2008-01-14 15:00:55 0 d-------- C:\Program Files\MSXML 4.0
2008-01-13 18:16:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-01-13 18:13:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2008-02-10 16:42:04 0 d-------- C:\Program Files\Common Files
2008-02-07 19:02:16 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-07 16:21:16 0 d-------- C:\Documents and Settings\Hamza\Application Data\Adobe
2008-02-07 10:59:58 0 d-------- C:\Program Files\FlyFF Resource Manager
2008-02-06 18:53:27 22720 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-01-31 16:55:00 68245 --a------ C:\Documents and Settings\Hamza\Application Data\NMM-MetaData.db
2008-01-03 11:51:16 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-03 11:51:16 286720 --a------ C:\WINDOWS\Setup1.exe <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Windows>
2008-01-01 00:15:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-21 13:58:20 0 d-------- C:\Program Files\Security Task Manager
2007-12-21 12:57:12 0 d-------- C:\Program Files\Abexo
2007-12-17 17:26:50 0 d-------- C:\Program Files\Microsoft Works
2007-12-17 17:26:38 0 d-------- C:\Program Files\MSBuild
2007-12-17 17:25:28 0 d-------- C:\Program Files\Microsoft.NET
2007-12-17 17:19:02 0 d-------- C:\Program Files\Microsoft Visual Studio 8


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-02-01 15:08 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-02-01 15:08 262144]

[-HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 16:44]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 16:48]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 14:50]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe" [2006-06-15 12:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 14:13]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 04:53 C:\WINDOWS\SOUNDMAN.EXE]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-12-05 01:03]
"ASM"="C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" [2006-11-07 15:11]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-12-18 00:43]
"cwcptray"="C:\Program Files\ContentWatch\Internet Protection\cwtray.exe" [2007-10-17 09:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 11:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43]

C:\Documents and Settings\Hamza\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-10-26 11:44:09]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-11-26 20:51:38]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
"STI Simulator"=2 (0x2)
"StarWindService"=2 (0x2)
"SLService"=2 (0x2)
"ServiceLayer"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MDM"=2 (0x2)
"LiveUpdate Notice Service"=2 (0x2)
"LiveUpdate Notice Ex"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ISPwdSvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"CLTNetCnService"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aawservice"=2 (0x2)




-- End of Deckard's System Scanner: finished at 2008-02-12 06:11:18 ------------




and here is the extra:


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 2.80GHz
Percentage of Memory in Use: 80%
Physical Memory (total/avail): 509.8 MiB / 98.56 MiB
Pagefile Memory (total/avail): 1247.84 MiB / 859.32 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1904.14 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 29.29 GiB total, 18.16 GiB free.
D: is Fixed (NTFS) - 45.23 GiB total, 37.17 GiB free.
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800JB-00FMA0 - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 29.29 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 45.23 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus v7.0.1.321 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Hamza\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HAMZA
ComSpec=C:\WINDOWS\system32\cmd.exe
CWALTAHOME=C:\Program Files\ContentWatch
DXSDK_DIR=C:\Program Files\Microsoft DirectX SDK (November 2007)\
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Hamza
LOGONSERVER=\\HAMZA
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\Microsoft DirectX SDK (November 2007)\Utilities\Bin\x86;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Hamza\LOCALS~1\Temp
TMP=C:\DOCUME~1\Hamza\LOCALS~1\Temp
USERDOMAIN=HAMZA
USERNAME=Hamza
USERPROFILE=C:\Documents and Settings\Hamza
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Hamza (admin)
Hamza_2
Administrator (admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.20 --> "C:\Program Files\7-Zip\Uninstall.exe"
Active Security Monitor 2.0.0.18 --> "C:\Program Files\AOL\Active Security Monitor\unins000.exe"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
BiniQDU --> C:\WINDOWS\st6unst.exe -n "c:\BINIQDU\ST6UNST.LOG"
Browser Optimizer Rightonadz --> C:\WINDOWS\system32\rightonadz-uninst.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drug Lord 2 --> C:\Program Files\Drug Lord 2\druglord2.exe remove
EAX Unified --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Feeding Frenzy 2 --> C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
FlyFF Resource Manager --> "C:\Program Files\FlyFF Resource Manager\Uninstaller.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Player --> "C:\Program Files\Google\Google Video Player\Uninstall.exe"
Gutterball 2 --> "C:\Program Files\Gutterball 2\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HyperCam 2 --> d:\Hypercam\UnHyCam2.exe
ImageMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{879EF0D8-59CB-45DD-8A69-F27AFE09C08D}\Setup.exe" -l0x9
Intel Application Accelerator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IsoBuster 1.9.1 --> "D:\Installing programs\IsoBuster\Uninst\unins000.exe"
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Anti-Virus 7.0 --> MsiExec.exe /I{4B9BB601-13E9-4042-A3BC-E7955BF4A98F}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KRyLack Password Recovery --> MsiExec.exe /I{DB4A269D-7CDD-4FD8-8F08-335DDF5217C3}
Magic Ball 2 New Worlds --> C:\PROGRA~1\GAMEHO~1\MAGICB~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\MAGICB~1\INSTALL.LOG
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor --> C:\Program Files\SiteAdvisor\6253\uninstall.exe
Microsoft DirectX SDK (November 2007) --> MsiExec.exe /I{CA97B421-06CB-4040-8EC9-6ED02EA87930}
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Logo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF149A60-8F5A-4632-B5DE-EC35BCB5ADFC}\Setup.exe"
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero - Burning Rom --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Nero 7 Premium --> MsiExec.exe /I{8C30E1DC-D83E-4A90-AD02-1A275FC71033}
Net Nanny Parental Controls 5.6 --> "C:\Program Files\ContentWatch\Internet Protection\ContentProtect\Home\unins000.exe"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{0A3D3C54-2EC0-4D67-B265-FF17926E6D67}
Nokia PC Connectivity Solution --> MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite --> MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Updater --> MsiExec.exe /X{3741689E-584D-40C9-B011-373A0371846D}
On2 VP7 Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}\Setup.exe" -l0x9
pak.zip --> C:\PROGRA~1\FILESU~1\pak.zip\UNWISE.EXE C:\PROGRA~1\FILESU~1\pak.zip\INSTALL.LOG
Panda TotalScan --> C:\Program Files\Panda Security\TotalScan\ascuninst.exe
Picture Package Music Transfer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
Premium Booster --> C:\Program Files\Premium Booster\Uninstall Premium Booster.exe
Quake 3 Arena Demo --> C:\WINDOWS\unvise32.exe d:\games\uninstal.log
QuickTime --> MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
ronaldo screensaver --> C:\WINDOWS\ronaldo screensaver.scr /u
Scientific-Atlanta WebSTAR 2000 series Cable Modem --> UNDPX2A.EXE
Security Task Manager 1.7e --> C:\Program Files\Security Task Manager\Uninstal.exe "C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Snooker147 & Poolster (Shareware Demo) 1.3 --> C:\WINDOWS\uninst.exe -f"d:\snooker world\snooker 147 1.3\DeIsL1.isu"
Snooker147 1.0 (Shareware) --> C:\WINDOWS\uninst.exe -f"d:\snooker world\snooker 147\DeIsL1.isu"
Sony Picture Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
Sony USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Technical Support Web Controls --> MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Update for Outlook 2007 Junk Email Filter (kb943597) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A751F0DB-8476-4207-956E-20AEBBA4B1DA}
Upshift StrikeRacer --> D:\Upshift StrikeRacer\uninst.exe
VideoCAM GF112 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{088B7BF8-AC95-4348-B77B-619AEB3A74A5} /l1033
VP6 Decoder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D064F16E-88DA-4E8F-BBAE-0E2AA9A6AE61}\Setup.exe" -l0x9
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
WinRAR archiver --> D:\Installing programs\Winrar\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XMLinst --> MsiExec.exe /I{EA23971F-2CEE-48FC-B64D-7F74A6EF90F0}
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG
ZoneAlarm Spy Blocker --> rundll32 C:\PROGRA~1\ZONEAL~1\bar\1.bin\SpyBlock.dll,O


-- Application Event Log -------------------------------------------------------

Event Record #/Type41470 / Warning
Event Submitted/Written: 02/11/2008 08:30:26 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type41442 / Error
Event Submitted/Written: 02/10/2008 06:27:24 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.

Event Record #/Type41441 / Error
Event Submitted/Written: 02/10/2008 06:27:23 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.

Event Record #/Type41440 / Error
Event Submitted/Written: 02/10/2008 06:27:23 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.

Event Record #/Type41439 / Error
Event Submitted/Written: 02/10/2008 06:27:22 PM
Event ID/Source: 11913 / MsiInstaller
Event Description:
Product: KRyLack Password Recovery -- Error 1913. Could not update the ini file C:\Program Files\KRyLack Password Recovery\update.ini. Verify that the file exists and that you can access it.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type91126 / Error
Event Submitted/Written: 02/11/2008 06:35:45 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
kl1
klif
sptd

Event Record #/Type91125 / Error
Event Submitted/Written: 02/11/2008 06:35:18 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type91124 / Error
Event Submitted/Written: 02/11/2008 06:35:17 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Event Record #/Type91122 / Error
Event Submitted/Written: 02/11/2008 06:33:44 PM / 02/11/2008 06:34:44 PM
Event ID/Source: 4 / sptd
Event Description:
Driver detected an internal error in its data structures for .

Event Record #/Type91118 / Error
Event Submitted/Written: 02/11/2008 06:25:57 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service ServiceLayer with arguments ""
in order to run the server:
{ACF50018-41F8-476D-85FD-CD953DAE4A49}



-- End of Deckard's System Scanner: finished at 2008-02-12 06:11:18 ------------

Re: My computer(PC) doesn't switch on, on normal mode.

Post by Katana » February 12th, 2008, 6:06 am

Fix With HJT
Close all other windows and then start HijackThis.
Click Do A System Scan Only.
When it has finished scanning, put a check next to the following lines IF still present:
O4 - HKLM\..\Run: [cwcptray] C:\Program Files\ContentWatch\Internet Protection\cwtray.exe

- Close ALL open windows (especially Internet Explorer!) -
Now click Fix checked.
Click yes to any prompts.
Close HijackThis.

Re: My computer(PC) doesn't switch on, on normal mode.

Post by hamzah95 » February 12th, 2008, 8:12 am

For some reason it's not there, but it is in the running processes in the Task Manager.
Here is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10, on 2008-02-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SoftwareDistribution\Download\2abaeb659824de5967ddf7181c6befdb\update\update.exe

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\cwalsp.dll
O15 - Trusted Zone: http://www.cricinfo.com
O15 - Trusted Zone: http://www.google.ae
O15 - Trusted Zone: http://www.vr4network.com
O15 - Trusted Zone: http://www.vr4upload100.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLa ... uncher.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... se8460.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1979666718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

--
End of file - 7920 bytes




Did you mean
O23 - Service: ContentWatch (CwAltaService20) - ContentWatch, Inc. - C:\Program Files\ContentWatch\Internet Protection\cwsvc.exe???
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm
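For readers reviewing a log like the one posted above, the following is an added example (not part of the original thread and not a HijackThis feature) that parses the O16, O17 and O23 line types and lists the entries worth a second look. The sample lines are copied from the log above; the function name `triage` and the three checks are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{083DF447-BE14-4C06-9D62-BFFFDBB29A05}: NameServer = 213.42.20.20,195.229.241.222
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

O16 = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\}) \((.*?)\) - (\S+)")
O17 = re.compile(r"^O17 - (\S+?): NameServer = (\S+)")
O23 = re.compile(r"^O23 - Service: (.+?) - (.+?) - ([A-Za-z]:\\.+)$")


def triage(log_text):
    """Return (notes, dns). A note is a prompt to look closer, not a verdict."""
    notes = []
    dns = defaultdict(set)  # DNS server tuple -> registry keys that use it
    for line in log_text.splitlines():
        line = line.strip()
        if m := O16.match(line):
            _clsid, name, url = m.groups()
            if not url.lower().startswith("https://"):
                notes.append(("O16", name, "ActiveX source is not HTTPS"))
        elif m := O17.match(line):
            key, servers = m.groups()
            dns[tuple(servers.split(","))].add(key)
        elif m := O23.match(line):
            name, vendor, path = m.groups()
            if vendor == "Unknown owner":
                notes.append(("O23", name, "no vendor reported for " + path))
    # Every control set should list the same resolvers; a mismatch means
    # one of them was changed separately and should be checked by hand.
    if len(dns) > 1:
        notes.append(("O17", "NameServer", "control sets disagree on DNS"))
    return notes, dns


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG)[0]:
        print(section, name, reason, sep=" | ")
```

The DNS addresses returned in `dns` still need comparing against the resolvers your ISP or router actually hands out.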

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 12th, 2008, 9:05 am

It looks like the service is protecting the boot process; the only thing I can suggest is to remove the program completely.
Do you want to do that?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 12th, 2008, 9:17 am

I would really like to delete this stupid software, but I can't because I don't have the uninstall password or any other password. My father installed this software.
I have noticed that I can see cwsvc and cwtray (in the active tasks) in Winpatrol. Should I select them and press "Kill"?


So if I press "Kill", will it be temporary?
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 12th, 2008, 9:22 am

If your father installed it, then maybe you should ask him for the password. ??
I'm sorry, but if you didn't install it then I can't help you remove it.
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 12th, 2008, 9:24 am

katana wrote:If your father installed it, then maybe you should ask him for the password. ??
I'm sorry, but if you didn't install it then I can't help you remove it.
lol
lmao, rofl
How can I ask for the password when he put this software to let me online for only a bit of time.


And can I do that kill thing in Winpatrol?
Like, will it work?
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby Katana » February 12th, 2008, 9:34 am

hamzah95 wrote:How can I ask for the password when he put this software to let me online for only a bit of time.


You have told me that your parent has deliberately put a program on the machine to monitor your online time.
Your father obviously has a reason for doing this, and I would be remiss if I told you how to bypass it.

Since there are no other problems,


Congratulations your logs look clean :D

Let's see if I can help you keep it that way

First let's tidy up :D

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan ... ncipal.htm
http://www.kaspersky.com/kos/eng/partne ... bscan.html

AntiSpyware
    AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • MalwareBytes Anti-malware <<< A New and effective program
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner

Prevention
    These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers
    Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
    Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep


Also PLEASE read this article.......So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
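The post above describes the hosts file as a phone book that can be used to block malicious websites. As an added example (not part of the original post, and not code from Spybot or MVPS HOSTS), the script below audits a hosts file and separates names that are blocked (mapped to a loopback or null address) from names that are redirected to some other address, which deserves a manual check. The sample file is constructed; its names and the 203.0.113.7 address are placeholders, and `audit_hosts` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1   localhost
0.0.0.0     ads.example.net tracker.example.net   # blocklist entry
127.0.0.1   malware.example.org
203.0.113.7 www.example-bank.test                 # name sent to a remote IP
not-an-ip   broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Return (blocked, redirected) for the entries in a hosts file."""
    blocked = set()   # names mapped to loopback/null, i.e. deliberately blocked
    redirected = {}   # name -> non-local IP it has been pointed at
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first column is not an IP
        for name in fields[1:]:
            name = name.lower()
            if name in LOCAL_NAMES:
                continue                        # normal default entry
            if ip.is_loopback or ip.is_unspecified:
                blocked.add(name)
            else:
                redirected[name] = str(ip)
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", sorted(blocked))
    print("redirected (review these):", redirected)
```

On Windows XP the file to feed in is `C:\WINDOWS\system32\drivers\etc\hosts`.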

Re: My computer(PC) doesn't switch on, on normal mode.

Unread postby hamzah95 » February 12th, 2008, 9:50 am

How am I supposed to surf and play when Net Nanny is behind me?
hamzah95
Regular Member
 
Posts: 44
Joined: February 2nd, 2008, 1:22 pm