ZoneAlarm, McAfee and Spybot SnD aren't working...


The Incredible

Ambassador of Buzz
Hi!

Something is definitely wrong with my PC.

Neither the McAfee security agent is working nor is Spybot SnD running.

I can understand the problem.

I have updated McAfee and checked for viruses several times, but nothing was found.

Ad-Aware isn't finding anything special either.

I can't even install ZA. Whenever I try to install ZA, I get the following error message.

*img382.imageshack.us/img382/6155/zonealarm9ne.png
 
OP
The Incredible

Ambassador of Buzz
Alright, ZA worked in safe mode and got installed without any problem, and it worked when I restarted my PC normally, but the next time I restarted, it again would not open.
 
OP
The Incredible

Ambassador of Buzz
I want to say that I have been facing terrible problems.

Whenever I run the latest version of Ad-Aware with the latest updates, it opens normally, but when I run a check, after scanning over 97000 files it stops while deep scanning the folder "D:/Security/ZoneAlarm/repair" and doesn't complete scanning that file, and then I have to press cancel twice to cancel scanning. Before scanning the above-mentioned folder it had detected a file as a critical error, but it never shows that file when I abort scanning. Here is what I saw as the result.

It is really shocking.

*img477.imageshack.us/img477/1492/adawaresumthingwrong9mm.jpg

One more thing is that I haven't selected anything to be ignored, and it shows that it had ignored 4 objects.

The next thing is that ZA is not working, nor is McAfee, nor avast!, nor AntiVir, nor Spybot SnD.

I can install and uninstall all the above-mentioned things in safe mode, and they do work when I switch to normal mode, but as soon as I reboot after switching into normal mode, they all stop working.

I installed ZoneAlarm once again via safe mode; it worked without any problem on the next normal boot, but with this message on startup:

*img477.imageshack.us/img477/6292/zavalidationfailed2lk.png

I also installed AntiVir, provided by Digit on the November DVD, so that if there is any problem it could be solved, but I got shocked when I saw ZA showing AntiVir accessing the trusted zone while I wasn't connected to the net.

Here's how I came to know (this screenshot has been taken while I'm not connected to the net):

*img5.imageshack.us/img5/7053/zashowinconxnwhilenotconeced2n.jpg

All that I could find is that nowadays I'm seeing every software asking to access processes named smss.exe and crss.exe. I have doubts about these processes because I never saw any programs asking to use these processes.

*img477.imageshack.us/img477/3627/zasmsscrss9no.jpg

I have mentioned some more problems which might help you in this thread.

Currently I have used a system restore to come back to where I was, and ZA is working but McAfee isn't, but I'm dead sure that as soon as I boot again, everything will again stop working.

Please help me.
 

swatkat

Technomancer
Hi,
This is weird. But, as far as AntiVir is concerned, it accesses the local machine using 127.0.0.1 through TCP/IP. So, ZA is showing it as traffic. This is normal. You can read about it in the Read Me file of AntiVir.

Can you run some online virus scanners like Kaspersky and/or Panda? Post back the log of this scan.
 
OP
The Incredible

Ambassador of Buzz
Sorry, I can't run online virus scanners because I don't have good bandwidth, and I think I will need a BB connection for that, which I don't have currently but think I will have after the next 2 months, so till then recommend me any patch if you know one.

My McAfee VirusScan wasn't working, so I uninstalled it and in the process deleted one quarantined file.

Now I have installed AVG 7.

I switched to a restore point, and after that I have been hibernating to avoid boot-ups, as they are probably the problem.

Currently I'm able to run ZA, AVG, Ad-Aware and Spybot SnD without boot-ups, so currently I'm updating all these things.

I also have doubts about the process named smss.exe, so whenever a program asks to communicate with it, ZA informs me and I deny this communication; perhaps this was the reason for Ad-Aware hanging.

Alright, I will be searching for any possible solution. By the way, what if I reinstall WinXP over the existing version, will I have to reinstall all the programs I have?

Guys, give me a solution if possible ASAP.

I have a doubt about the process named smss.exe; please tell me whether it is harmful or not.
 
OP
The Incredible

Ambassador of Buzz
First of all, sorry for double posting. If you people think that I have done this to increase my post count, then please set it to 0; I don't need it.

swatkat said:
Can you run some online virus scanners like Kaspersky and/or Panda. Post back the log of this scan.

Sorry, I can't, but I have another option: posting my HijackThis log. Can this help?
 

Retro

Journeyman
The Incredible said:
First of all, sorry for double posting. If you people think that I have done this to increase my post count, then please set it to 0; I don't need it.

swatkat said:
Can you run some online virus scanners like Kaspersky and/or Panda. Post back the log of this scan.

Sorry, I can't, but I have another option: posting my HijackThis log. Can this help?

That might do some work. But I seriously don't think Spyware/Trojans might do that much harm. It would be good if you could re-install Windows itself and store the important files that you need.

But still, post your log. Also, try re-installing some other anti-virus in Safe Mode and run an EXTENSIVE search. That might do some help. Digit provides anti-virus software/updates regularly on CD/DVD and you may get this month's DVD.

Adios
Hope I've been of some help.
 

swatkat

Technomancer
Hi,
Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here.

Also, post a HijackThis log.
 
OP
The Incredible

Ambassador of Buzz
Alright guys, do a Google search on smss.exe and csrss.exe.

What I found is that these are system processes, but some worms use these names for fooling.

I have seen these processes since I came to know about the problems in my PC.

I can't use any removal tool, as they can be system processes, which might cause some problem.

But one thing I came to know is that these processes can't be ended from Task Manager, which perhaps indicates the case of a worm.

And I also can't end these processes from Task Manager.

My friend suggested to me that it is the Sasser worm and asked me to download its removal tool, so I did the same and am scanning my PC currently. While this scanning was going on, somehow AVG found the worms "I-Worm/Bagle" and "I-Worm/Bagle.HY", which were trying to run a few files. It has found about 10 viruses till now trying to access some .exe files in the Windows and System32 directories.

It has found one more virus named Adware Generic.

Man, there is something definitely wrong here.

I have found about 15+ viruses till now and moved more than 50 viruses to the vault (quarantined). Going to disconnect now.
 

swatkat

Technomancer
Hi,
Post the WinPFind and HijackThis logs. Let's see what's happening in the system.

And, you cannot terminate the genuine smss.exe and csrss.exe using the Windows Task Manager. They are required for the correct operation of Windows. These original files are located in the \Windows\System32 folder. Any other file with the same name present in a different folder can be a virus/malware.
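
The location check swatkat describes, applied to the "Running processes:" section of a HijackThis log (an added example, not part of the original thread or of HijackThis itself). It assumes Windows is installed in `C:\windows`; the four names beyond smss.exe and csrss.exe and the look-alike-name check go beyond what the post states, and the sample log is constructed.

```python
import ntpath

# smss.exe and csrss.exe come from the post above; the other four names are an
# assumption added for this example (they also live in System32 on Windows XP).
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}

# Constructed sample: the first four paths appear in the log posted in this
# thread; the last three are invented to show what a finding looks like.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\smss.exe
C:\Documents and Settings\computer\Local Settings\Temp\csrss.exe
C:\windows\system32\crss.exe

O4 - HKLM\..\Run: [Zone Labs Client] D:\Security\ZoneAlarm\zlclient.exe
"""


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line:
                if paths:          # blank line after the list ends the section
                    break
                continue           # tolerate a blank line right after the header
            paths.append(line)
    return paths


def within_one_edit(a, b):
    """True if a != b and one insertion, deletion or substitution turns a into b."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a                # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substituted character
    return a[i:] == b[i + 1:]           # one extra character in b


def audit(log_text, system32=r"C:\windows\system32"):
    """Flag system process names running from the wrong folder, or near-miss names."""
    expected = ntpath.normcase(ntpath.normpath(system32))
    findings = []
    for path in running_processes(log_text):
        folder, name = ntpath.split(ntpath.normcase(ntpath.normpath(path)))
        if name in SYSTEM32_ONLY:
            # Windows paths are case-insensitive, hence the normcase() above.
            if folder != expected:
                findings.append((path, "system process name outside System32"))
            continue
        for real in sorted(SYSTEM32_ONLY):
            if within_one_edit(name, real):
                findings.append((path, "name resembles " + real))
                break
    return findings


if __name__ == "__main__":
    for path, reason in audit(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

A clean result only means the names and folders match; it says nothing about whether the file in System32 is the original one.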
 
OP
The Incredible

Ambassador of Buzz
Yes, that is what I had been thinking, vignesh.

Everything is working fine now. I found 23 viruses and 90 infected files and deleted them all.

They were in C:/System Volume Information/_restore{..........}/129 and 130 and 131.

Can they have done something wrong there?

Here is the HijackThis log; will post the WinPFind log soon.

Code:
Logfile of HijackThis v1.97.7
Scan saved at 4:32:21 PM, on 11/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
D:\Security\AVGFRE~1\avgamsvr.exe
C:\windows\Explorer.EXE
D:\Security\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\windows\system32\svchost.exe
D:\Security\ZoneAlarm\zlclient.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
D:\Security\AVGFRE~1\avgcc.exe
D:\Security\AVGFRE~1\avgemc.exe
C:\windows\system32\ctfmon.exe
D:\Security\Spybot - Search & Destroy 1.4\TeaTimer.exe
D:\Anindya\Yahoo\Messenger\ymsgr_tray.exe
D:\Downloads\Completed\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Security\SPYBOT~1.4\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [Zone Labs Client] D:\Security\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\Security\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\Security\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Anindya\Yahoo\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Security\Spybot - Search & Destroy 1.4\TeaTimer.exe
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Internet\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Internet\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Internet\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Internet\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://D:\UTILIT~1\HOME\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: Instant Buzz (HKLM)
O9 - Extra button: FlashFavorite (HKLM)
O9 - Extra 'Tools' menuitem: Flash Favorite (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - *go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - *update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126398123806
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - *download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 

swatkat

Technomancer
Hi,
HijackThis log looks clean.

I found 23 viruses and 90 infected files and deleted them all.

They were in C:/System Volume Information/_restore{..........}/129 and 130 and 131.

Can they have done something wrong there?
Those folders are created by the System Restore feature of Windows. They are Restore points.
 
OP
The Incredible

Ambassador of Buzz
Happy to know that it is clean.

Here's WinPFind log.

Code:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 2    Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2                 8/23/2001 6:30:00 AM        41397      C:\windows\SYSTEM32\dfrg.msc
winsync              8/23/2001 6:30:00 AM        1309184    C:\windows\SYSTEM32\wbdbase.deu
aspack               8/3/2004 7:26:38 PM         708096     C:\windows\SYSTEM32\ntdll.dll
PECompact2           11/11/2005 10:30:08 AM      2368864    C:\windows\SYSTEM32\MRT.exe
aspack               11/11/2005 10:30:08 AM      2368864    C:\windows\SYSTEM32\MRT.exe
Umonitor             8/3/2004 7:26:46 PM         657920     C:\windows\SYSTEM32\rasdlg.dll
PTech                7/12/2005 6:04:22 PM        520456     C:\windows\SYSTEM32\LegitCheckControl.dll

Checking %System%\Drivers folder and sub-folders...
UPX!                 11/19/2005 2:42:56 AM       726592     C:\windows\SYSTEM32\drivers\avg7core.sys
FSG!                 11/19/2005 2:42:56 AM       726592     C:\windows\SYSTEM32\drivers\avg7core.sys
PEC2                 11/19/2005 2:42:56 AM       726592     C:\windows\SYSTEM32\drivers\avg7core.sys
aspack               11/19/2005 2:42:56 AM       726592     C:\windows\SYSTEM32\drivers\avg7core.sys

Items found in C:\windows\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     11/20/2005 6:03:22 PM     S 2048       C:\windows\bootstat.dat
                     11/5/2005 2:30:54 PM     H  266        C:\windows\desktop.ini
                     11/5/2005 2:30:54 PM     H  13122      C:\windows\folder.htt
                     11/20/2005 6:07:56 PM    H  32043      C:\windows\system32\vsconfig.xml
                     11/17/2005 10:46:58 PM   H  4212       C:\windows\system32\zllictbl.dat
                     11/5/2005 2:30:54 PM     H  266        C:\windows\system32\desktop.ini
                     11/5/2005 2:30:54 PM     H  13122      C:\windows\system32\folder.htt
                     11/20/2005 6:05:36 PM    H  1024       C:\windows\system32\config\SECURITY.LOG
                     11/20/2005 6:16:12 PM    H  1024       C:\windows\system32\config\SOFTWARE.LOG
                     11/20/2005 6:19:32 PM    H  1024       C:\windows\system32\config\DEFAULT.LOG
                     11/20/2005 6:03:44 PM    H  1024       C:\windows\system32\config\SAM.LOG
                     11/20/2005 6:07:20 PM    H  1024       C:\windows\system32\config\SYSTEM.LOG
                     9/24/2005 7:51:54 PM     H  0          C:\windows\system32\config\SOFTWARE.rrr.LOG
                     9/24/2005 7:51:56 PM     H  0          C:\windows\system32\config\DEFAULT.rrr.LOG
                     9/24/2005 7:51:56 PM     H  0          C:\windows\system32\config\SAM.rrr.LOG
                     11/18/2005 10:50:04 PM   H  1024       C:\windows\system32\config\systemprofile\ntuser.dat.LOG
                     11/5/2005 7:18:36 PM     H  10836      C:\windows\system32\ShellExt\GMailFS.GID
                     11/3/2005 6:24:32 PM     H  81         C:\windows\system32\GroupPolicy\Adm\admfiles.ini
                     10/5/2005 6:47:40 AM      S 21737      C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
                     9/28/2005 11:53:30 AM     S 17402      C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
                     10/5/2005 8:33:38 PM      S 12849      C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
                     11/5/2005 2:30:54 PM     H  13122      C:\windows\system\folder.htt
                     11/5/2005 2:30:54 PM     H  266        C:\windows\system\desktop.ini
                     11/5/2005 2:30:54 PM     H  855        C:\windows\Web\webview.css
                     11/5/2005 2:30:54 PM     H  4204       C:\windows\Web\controlp.htt
                     11/5/2005 2:30:54 PM     H  14258      C:\windows\Web\default.htt
                     11/5/2005 2:30:54 PM     H  11530      C:\windows\Web\folder.htt
                     11/5/2005 2:30:54 PM     H  4988       C:\windows\Web\mycomp.htt
                     11/5/2005 2:30:54 PM     H  5403       C:\windows\Web\nethood.htt
                     11/5/2005 2:30:54 PM     H  5044       C:\windows\Web\printers.htt
                     11/5/2005 2:30:54 PM     H  8088       C:\windows\Web\recycle.htt
                     11/5/2005 2:30:54 PM     H  5495       C:\windows\Web\schedule.htt
                     11/5/2005 2:30:54 PM     H  5521       C:\windows\Web\dialup.htt
                     11/5/2005 2:30:54 PM     H  44686      C:\windows\Web\wvleft.bmp
                     11/5/2005 2:30:54 PM     H  840        C:\windows\Web\wvline.gif
                     11/5/2005 2:30:54 PM     H  19600      C:\windows\Web\wvlogo.gif
                     10/13/2005 7:12:12 PM    H  0          C:\windows\SoftwareDistribution\Download\S-1-5-18\81830fade50434252c160da6e86e315c\BIT861.tmp
                     11/20/2005 2:08:32 PM    H  7685098    C:\windows\SoftwareDistribution\Download\S-1-5-18\d1ede8affa76fd2e89f64017d248fa9a\BIT56.tmp
                     11/20/2005 6:03:34 PM    H  6          C:\windows\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/23/2001 6:30:00 AM        187904     C:\windows\SYSTEM32\main.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        35840      C:\windows\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        36864      C:\windows\SYSTEM32\nwc.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        28160      C:\windows\SYSTEM32\telephon.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         135168     C:\windows\SYSTEM32\desk.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         549888     C:\windows\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         110592     C:\windows\SYSTEM32\bthprops.cpl
                               7/29/2004 12:56:00 PM       221184     C:\windows\SYSTEM32\cttune.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         80384      C:\windows\SYSTEM32\firewall.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         155136     C:\windows\SYSTEM32\hdwwiz.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         358400     C:\windows\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         129536     C:\windows\SYSTEM32\intl.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         380416     C:\windows\SYSTEM32\irprops.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         68608      C:\windows\SYSTEM32\joy.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         618496     C:\windows\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         25600      C:\windows\SYSTEM32\netsetup.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         257024     C:\windows\SYSTEM32\nusrmgr.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         32768      C:\windows\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         114688     C:\windows\SYSTEM32\powercfg.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         298496     C:\windows\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         94208      C:\windows\SYSTEM32\timedate.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         148480     C:\windows\SYSTEM32\wscui.cpl
Microsoft Corporation          9/30/2004 3:47:14 PM        135168     C:\windows\SYSTEM32\directx.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\windows\SYSTEM32\wuaucpl.cpl
                               12/29/2002 4:44:38 AM       81920      C:\windows\SYSTEM32\startup.cpl
Microsoft Corporation          8/4/2004 12:56:58 AM        68608      C:\windows\SYSTEM32\access.cpl
Apple Computer, Inc.           9/23/2004 6:57:40 PM        323072     C:\windows\SYSTEM32\QuickTime.cpl
Realtek Semiconductor Corp.    3/24/2005 9:10:48 PM        17899520   C:\windows\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          7/23/2001 11:09:38 PM       147456     C:\windows\SYSTEM32\sapi.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        36864      C:\windows\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         32768      C:\windows\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         549888     C:\windows\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/4/2004 12:56:58 AM        68608      C:\windows\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/4/2004 12:56:58 AM        135168     C:\windows\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         155136     C:\windows\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         80384      C:\windows\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         358400     C:\windows\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/4/2004 12:56:58 AM        129536     C:\windows\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         68608      C:\windows\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        187904     C:\windows\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         618496     C:\windows\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        35840      C:\windows\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         257024     C:\windows\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         25600      C:\windows\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         114688     C:\windows\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         155648     C:\windows\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         94208      C:\windows\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         298496     C:\windows\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/23/2001 6:30:00 AM        28160      C:\windows\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/3/2004 7:26:58 PM         148480     C:\windows\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation          5/26/2005 4:16:30 AM        174360     C:\windows\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     8/23/2005 11:28:30 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     8/23/2005 11:10:38 AM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
                     8/23/2005 11:28:30 AM    HS 84         C:\Documents and Settings\computer\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
                     8/23/2005 11:10:38 AM    HS 62         C:\Documents and Settings\computer\Application Data\desktop.ini
                     9/4/2005 1:17:08 PM         17528      C:\Documents and Settings\computer\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
	SV1	 = 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
		 = 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\7-Zip
	{23170F69-40C1-278A-1000-000100020000}	 = blank
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
	{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}	 = D:\Security\AVG Free Edition\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
	{750fdf0e-2a26-11d1-a3ea-080036587f03}	 = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
	{09799AFB-AD67-11d1-ABCD-00C04FC30936}	 = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
	{A470F8CF-A1E8-4f65-8335-227475AA5C46}	 = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
	Start Menu Pin	 = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip
	{23170F69-40C1-278A-1000-000100020000}	 = blank
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
	{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}	 = D:\Security\AVG Free Edition\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\jetAudio
	{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}	 = C:\Program Files\JetAudio\JetFlExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip
	{23170F69-40C1-278A-1000-000100020000}	 = blank
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
	{A470F8CF-A1E8-4f65-8335-227475AA5C46}	 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\jetAudio
	{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}	 = C:\Program Files\JetAudio\JetFlExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
	{750fdf0e-2a26-11d1-a3ea-080036587f03}	 = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
	{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}	 = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
	 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
	 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
	 = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
	 = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
	 = D:\Security\SPYBOT~1.4\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
	&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
	{BA52B914-B692-46c4-B683-905236F6F655}	 = 	: 
	{7754C418-F62E-44aa-B169-E719E718BCFD}	 = 1-Click Answers	: C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{066040F0-5018-4E15-8AA0-81D36136D989}
	ButtonText	 = Instant Buzz	: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4335F0BE-9AAF-4023-9929-681B937B814A}
	ButtonText	 = FlashFavorite	: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
	ButtonText	 = Yahoo! Messenger	: D:\ANINDYA\YAHOO\MESSEN~1\YPAGER.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
	File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
	History Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
	{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\system32\browseui.dll
	{2318C2B1-4965-11D4-9B18-009027A5CD4F} = 	: 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
	{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\system32\browseui.dll
	{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links	: %SystemRoot%\system32\SHELL32.dll
	{7754C418-F62E-44AA-B169-E719E718BCFD} = 1-Click Answers	: C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
	{2318C2B1-4965-11D4-9B18-009027A5CD4F} = 	: 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	Zone Labs Client	D:\Security\ZoneAlarm\zlclient.exe
		
	MCUpdateExe	C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
	MCAgentExe	c:\PROGRA~1\mcafee.com\agent\McAgent.exe
	AVG7_CC	D:\Security\AVGFRE~1\avgcc.exe /STARTUP
	AVG7_EMC	D:\Security\AVGFRE~1\avgemc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
	IMAIL	Installed = 1
	MAPI	Installed = 1
	MSFS	Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	ctfmon.exe	C:\windows\system32\ctfmon.exe
	Yahoo! Pager	"D:\Anindya\Yahoo\Messenger\ypager.exe" -quiet
	SpybotSD TeaTimer	D:\Security\Spybot - Search & Destroy 1.4\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
	location	Common Startup
	command	C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
	item	Microsoft Office
	backup	C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Bandwidth Monitor Pro
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	Bandwidth Monitor Pro
	hkey	HKCU
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	Bandwidth Monitor Pro
	hkey	HKCU
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Instant Buzz Daemon
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	IBDaemon
	hkey	HKLM
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	IBDaemon
	hkey	HKLM
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LDM
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	BackWeb-8876480
	hkey	HKCU
	command	C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	BackWeb-8876480
	hkey	HKCU
	command	C:\Program Files\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCAgentExe
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	McAgent
	hkey	HKLM
	command	c:\PROGRA~1\mcafee.com\agent\McAgent.exe
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	McAgent
	hkey	HKLM
	command	c:\PROGRA~1\mcafee.com\agent\McAgent.exe
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MCUpdateExe
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	McUpdate
	hkey	HKLM
	command	C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	McUpdate
	hkey	HKLM
	command	C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	MsnMsgr
	hkey	HKCU
	command	"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	MsnMsgr
	hkey	HKCU
	command	"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	qttask
	hkey	HKLM
	command	"D:\utilities\essentials\Quick Time 6\qttask.exe" -atboottime
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	qttask
	hkey	HKLM
	command	"D:\utilities\essentials\Quick Time 6\qttask.exe" -atboottime
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SoundMan
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	SOUNDMAN
	hkey	HKLM
	command	SOUNDMAN.EXE
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	SOUNDMAN
	hkey	HKLM
	command	SOUNDMAN.EXE
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	ypager
	hkey	HKCU
	command	"D:\Anindya\Yahoo\Messenger\ypager.exe" -quiet
	inimapping	0
	key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
	item	ypager
	hkey	HKCU
	command	"D:\Anindya\Yahoo\Messenger\ypager.exe" -quiet
	inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
	system.ini	0
	win.ini	0
	bootini	0
	services	0
	startup	2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
	NoRemoteRecursiveEvents	0
	NoStrCmpLogical	0
	NoClose	0
	NoRecentDocsMenu	1
	NoSMMyDocs	1
	NoSMMyPictures	1
	NoStartMenuMyMusic	1
	NoRecentDocsHistory	1
	NoRecentDocsNetHood	1
	NoInstrumentation	1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
	{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
	{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
	{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
	dontdisplaylastusername	0
	legalnoticecaption	
	legalnoticetext	
	shutdownwithoutlogon	1
	undockwithoutlogon	1
	RunStartupScriptSync	1
	SynchronousMachineGroupPolicy	1
	SynchronousUserGroupPolicy	1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
	NoChangingWallPaper	0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
	NoSMBalloonTip	0
	NoSaveSettings	0
	CDRAutoRun	1
	NoDriveTypeAutoRun	145
	NoLowDiskSpaceChecks	0
	MemCheckBoxInRunDlg	0
	NoClose	0
	NoAutoTrayNotify	0
	NoResolveTrack	0
	NoResolveSearch	0
	LinkResolveIgnoreLinkInfo	0
	NoStartBanner	
	NoWelcomeScreen	0
	NoDesktopCleanupWizard	0
	NoSharedDocuments	1
	NoThemesTab	1
	ForceClassicControlPanel	0
	NoSMConfigurePrograms	1
	NoRecentDocsMenu	1
	NoSMMyDocs	1
	NoSMMyPictures	1
	NoStartMenuMyMusic	1
	NoRecentDocsHistory	1
	ClearRecentDocsOnExit	1
	NoRecentDocsNetHood	1
	NoInstrumentation	1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
	NoPrintSharing	1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
	NoDispAppearancePage	0
	NoColorChoice	0
	NoDispBackgroundPage	0
	NoDispCPL	0
	NoDispSettingsPage	0
	NoDispScrSavPage	0
	NoVisualStyleChoice	0
	NoSizeChoice	0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	PostBootReminder               	{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
	CDBurn                         	{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
	WebCheck                       	{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
	SysTray                        	{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
	UserInit	= C:\WINDOWS\system32\userinit.exe,
	Shell		= Explorer.exe
	System		= 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
	 = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
	 = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
	 = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
	 = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
	 = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
	 = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
	 = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
	 = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
	 = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
	Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
	AppInit_DLLs	


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1	- Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/20/2005 6:19:52 PM

Hope this is also clean.
 
OP
The Incredible

Ambassador of Buzz
swatkat said:
Hi,
Yes, this one looks clean :)

SO, shud i cheer now???

although i have removed viri and infected files but do you that they can come back if i restore my computer to a point where they were present.

i gave the name of the viri so can u say how the viri wud hav entered my pc??

how do they cause threat?? what do they do?

and can u tell me a site which gives a removal tool for it?
 

swatkat

Technomancer
Hi,
Yes, if you restore the system, then those virus files will also be restored (if they are not already deleted by AVG). So, it's better you delete those Restore points. (See here to know how to delete Restore points.)
AVG might have removed those virus files. Since the names of viruses you mentioned are newer/common ones, you can download this small tool called McAfee Stinger and run it. This tool is designed to remove common/new viruses.
 
OP
The Incredible

Ambassador of Buzz
thanks a lot everyone, now i think everything is fine but i dunno how my clock is not working properly


it has become slow, it is decreasing 1 hour per day, i have to correct it daily, is it cos of any hidden viri
 