HJT-log Computer rebooting and slow

Computer is slow and rebooting itself. Happens more often when driving multiple programs at the same time and when having several downloads simultaneously. Being suspicious because in Task Manager/processes there are 7 svchosts and CLI.exe

I've executed the following operations:
1. Anti-Vir (no viruses)
2. Avast (found a keylogger and trojan); executed twice more, no probs found
3. Spybot (found some spyware)
4. Ad-aware (no probs)
5. AVG (no probs)
In addition, I have deleted all the problems which I thought may have caused problems

Logfile of HijackThis v1.99.1
Scan saved at 13:31:03, on 11.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\AntiVir PersonalEdition Classic\sched.exe
C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\softat\nvidia\bin\nSvcIp.exe
C:\softat\nvidia\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\softat\nvidia\bin\nSvcAppFlt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\softat\nvidia\bin\nTrayFw.exe
C:\softat\LG\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\softat\LG\fwupdate.exe
C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\softat\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\softat\SAMSUNG\GammaTray.exe
C:\softat\Logitech\SetPoint\SetPoint.exe
C:\softat\SAMSUNG\NaturalColorLoad.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programs\foobar2000\foobar2000.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programs\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\softat\nvidia\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RemoteControl] C:\softat\LG\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\softat\LG\fwupdate.exe
O4 - HKLM\..\Run: [ppmate] C:\Programs\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [avgnt] "C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\softat\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Scepter\OctoshapeClient.exe" -inv:bootrun
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\softat\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\softat\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\Programs\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: bw+0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\softat\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {867BEF78-7455-496E-A622-AAB32B0504C0} - C:\softat\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programs\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programs\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\softat\nvidia\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\softat\nvidia\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\softat\nvidia\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Did clean install about a year ago.
Was thinking to wait for Vista before next one.
Have done disc defrag frequently.

Maybe there is a problem with my hard disk because comp crashes with downloads such as dc++.
Torrent programs have never worked with my comp, crashes once in a while.
Okay. Took a while with all the checks but here are all the logs. AVG found a trojan dropper.

HJT
Logfile of HijackThis v1.99.1
Scan saved at 22:24:01, on 11.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Programs\AntiVir PersonalEdition Classic\sched.exe
C:\softat\nvidia\bin\nTrayFw.exe
C:\softat\LG\PowerDVD\PDVDServ.exe
C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\VM_STI.EXE
C:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\softat\nvidia\bin\nSvcIp.exe
C:\softat\LG\fwupdate.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\softat\nvidia\bin\nSvcLog.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\softat\Logitech\SetPoint\SetPoint.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\softat\nvidia\bin\nSvcAppFlt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Kaspersky\mwavscan.com
C:\Kaspersky\kavss.exe
C:\WINDOWS\system32\NOTEPAD.EXE
G:\DC++\DCPlusPlus.exe
C:\WINDOWS\system32\notepad.exe
C:\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\softat\nvidia\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RemoteControl] C:\softat\LG\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\softat\LG\fwupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\softat\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\Programs\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programs\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\softat\nvidia\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\softat\nvidia\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\softat\nvidia\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:25:17 11.1.2007

+ Scan result:

C:\Programs\mozilla\SetupPoker.exe -> Adware.Casino : Cleaned.
C:\Programs\mozilla\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Scepter\Desktop\misc\BS.PLAYER.PRO V2.0 SETUP.0XE -> Dropper.Agent.ru : Cleaned.
C:\Documents and Settings\Scepter\My Documents\Vastaanotetut tiedostot\software\ppstreamsetup.exe -> Not-A-Virus.Constructor.Win32.QQRob.e : Cleaned.
F:\Karaoke ohelmia\All codecs needed for Windows Media Player - DivX & SVCD movies etc\04...DivX5\LS_DivX_5.0_Pro_Bundle_Patch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned.
:mozilla.250:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.321:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.65:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.185:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.164:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.167:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.10:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.12:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.127:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.128:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.129:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.130:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Vanaha Liitto\Cookies\vanaha [email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.194:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.282:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.283:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.171:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.56:C:\Documents and Settings\Scepter\Application Data\Mozilla\Firefox\Profiles\injyvrzz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.249:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.193:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.153:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.155:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.156:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.160:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.161:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.168:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.174:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.139:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.234:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.235:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.253:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.72:C:\Documents and Settings\Scepter\Application Data\Mozilla\Firefox\Profiles\injyvrzz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.112:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.113:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.114:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.34:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.35:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.36:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.277:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.301:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.302:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.323:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.104:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.105:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.256:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.13:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.9:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.116:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.257:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.122:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.123:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.143:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.144:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.145:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.146:C:\Documents and Settings\Vanaha Liitto\Application Data\Mozilla\Firefox\Profiles\hsrtlip3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
WINPFIND

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 11.1.2007 15:06:12
WinPFind v1.5.0 Folder = C:\Documents and Settings\Scepter\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
WSUD 17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
aspack 18.3.2005 17:19:58 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 26.5.2005 15:34:52 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 22.7.2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 5.12.2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 3.2.2006 8:43:16 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 31.3.2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
aspack 28.9.2006 15:05:20 2414360 C:\WINDOWS\SYSTEM32\d3dx9_31.dll (Microsoft Corporation)
PEC2 4.8.2004 3:07:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 3.7.2006 23:40:50 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 3.7.2006 23:40:50 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PEC2 28.10.1998 22:51:00 42496 C:\WINDOWS\SYSTEM32\hvstrlib.DLL ()
PTech 12.7.2005 17:04:22 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft® Corporation)
PECompact2 5.10.2005 4:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 5.10.2005 4:09:08 2293088 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 4.8.2004 3:07:00 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 4.8.2004 3:07:00 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 4.8.2004 3:07:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
UPX! 26.11.2003 0:32:02 123392 C:\WINDOWS\SYSTEM32\pncrt.dll (Real Networks, Inc)
Umonitor 4.8.2004 3:07:00 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 4.8.2004 3:07:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11.1.2007 15:05:10 S 2048 C:\WINDOWS\bootstat.dat ()
10.1.2007 17:04:44 H 54156 C:\WINDOWS\QTFont.qfn ()
11.1.2007 13:12:32 H 35864 C:\WINDOWS\system32\vsconfig.xml ()
11.1.2007 15:05:06 H 8192 C:\WINDOWS\system32\config\default.LOG ()
11.1.2007 15:05:22 H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
11.1.2007 15:05:10 H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
11.1.2007 15:05:12 H 57344 C:\WINDOWS\system32\config\software.LOG ()
11.1.2007 15:05:12 H 1069056 C:\WINDOWS\system32\config\system.LOG ()
19.12.2006 1:44:46 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
15.11.2006 12:20:46 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\2479539e-063e-4286-9cdb-e55fa7f4cde3 ()
25.11.2006 4:39:34 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\57280752-7159-4423-90aa-08d6da61df02 ()
22.11.2006 18:51:24 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\e6d0886c-5b49-4274-85a9-aa6641c3c293 ()
25.11.2006 4:39:34 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
11.1.2007 15:03:58 H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
17.11.2004 10:08:06 16162816 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
4.8.2004 3:07:00 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
4.8.2004 3:07:00 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
4.8.2004 3:07:00 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
4.8.2004 3:07:00 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
9.11.2006 15:07:28 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
4.8.2004 3:07:00 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
4.8.2004 3:07:00 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
4.8.2004 3:07:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
4.8.2004 3:07:00 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
4.8.2004 3:07:00 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
4.8.2004 3:07:00 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
4.8.2004 3:07:00 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
20.3.2006 21:43:16 372736 C:\WINDOWS\SYSTEM32\PhysX.cpl ()
4.8.2004 3:07:00 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
4.8.2004 3:07:00 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
4.8.2004 3:07:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
4.8.2004 3:07:00 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
4.8.2004 3:07:00 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
26.5.2005 3:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
4.8.2004 3:07:00 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
4.8.2004 3:07:00 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl (Microsoft Corporation)
4.8.2004 3:07:00 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
4.8.2004 3:07:00 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
4.8.2004 3:07:00 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
4.8.2004 3:07:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
4.8.2004 3:07:00 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
4.8.2004 3:07:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
4.8.2004 3:07:00 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl (Microsoft Corporation)
4.8.2004 3:07:00 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
4.8.2004 3:07:00 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
4.8.2004 3:07:00 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
4.8.2004 3:07:00 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
4.8.2004 3:07:00 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
4.8.2004 3:07:00 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
4.8.2004 3:07:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
4.8.2004 3:07:00 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)
4.8.2004 3:07:00 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl (Microsoft Corporation)
26.5.2005 3:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} - MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
{5ED80217-570B-4DA9-BF44-BE107C0EC166} - Windows Live Safety Center Base Module - CodeBase = http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - MessengerStatsClient Class - CodeBase = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{9D190AE6-C81E-4039-8061-978EBAD10073} - F-Secure Online Scanner 3.0 - CodeBase = http://support.f-secure.com/ols/fscax.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7.2.2006 20:37:32 994 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ()
10.1.2007 15:16:02 1765 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
27.9.2005 21:47:14 1301 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk ()
27.9.2005 20:09:38 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
27.9.2005 21:04:16 1606 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk ()
27.9.2005 21:47:14 1329 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk ()
23.5.2006 15:39:52 1653 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
27.9.2005 21:49:58 485 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
2.3.2006 2:09:26 305 C:\Documents and Settings\All Users\Application Data\addr_file.html ()
28.9.2005 3:36:56 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
10.1.2007 17:16:22 1356 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()

Checking files in %USERPROFILE%\Startup folder...
27.9.2005 20:09:38 HS 84 C:\Documents and Settings\Scepter\Start Menu\Programs\Startup\desktop.ini ()

Checking files in %USERPROFILE%\Application Data folder...
28.9.2005 3:36:56 HS 62 C:\Documents and Settings\Scepter\Application Data\desktop.ini ()
30.6.2006 14:38:50 23728 C:\Documents and Settings\Scepter\Application Data\GDIPFONTCACHEV1.DAT ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Search Bar - http://www.google.com/ie
\\Search Page - http://www.google.com
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - = ()
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\Programs\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\ShellBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} - = ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 = Windows Messenger
\\NEXTID - 8195
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8193 = Sun Java Console
\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - 8194 = PartyPoker.com

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - ButtonText: PartyPoker.com = E:\games\PP\PartyPoker\RunApp.exe ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{950FF917-7A57-46BC-8017-59D9BF474000} - Shell Extension for CDRW = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG)
\\{D9872D13-7651-4471-9EEE-F0A00218BEBB} - Multiscan = ()
\\{45AC2688-0253-4ED8-97DE-B5370FA7D48A} - Shell Extension for Malware scanning = C:\Programs\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Programs\real\rpshell.dll (RealNetworks, Inc.)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Programs\WinRAR\rarext.dll ()
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{5E2121EE-0300-11D4-8D3B-444553540000} - Catalyst Context Menu extension = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programs\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programs\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programs\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programs\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programs\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\ACE - {5E2121EE-0300-11D4-8D3B-444553540000} = C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll ()
\InCDMenu - {950FF917-7A57-46BC-8017-59D9BF474000} = C:\Program Files\Ahead\InCD\incdshx.dll (Ahead Software AG)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Shell Extension for Malware scanning - {45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programs\AntiVir PersonalEdition Classic\shlext.dll (H+BEDV Datentechnik GmbH)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programs\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRAMS\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
InCD - C:\Program Files\Ahead\InCD\InCD.exe (Ahead Software AG)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
nTrayFw - C:\softat\nvidia\bin\nTrayFw.exe (NVIDIA Corporation)
RemoteControl - C:\softat\LG\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
IMJPMIG8.1 - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MSPY2002 - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe ()
PHIME2002ASync - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
PHIME2002A - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
QuickTime Task - C:\Programs\quicktime\qttask.exe (Apple Computer, Inc.)
BigDogPath - C:\WINDOWS\VM_STI.EXE (BIGDOG)
Zone Labs Client - C:\Programs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
AGEIA PhysX SysTray - C:\Program Files\AGEIA Technologies\TrayIcon.exe ()
Logitech Hardware Abstraction Layer - C:\WINDOWS\KHALMNPR.EXE (Logitech Inc.)
ATICCC - C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
LGODDFU - C:\softat\LG\fwupdate.exe (CST)
ppmate - C:\Programs\PPMate\PPMate\ppmate.exe ()
avgnt - C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
DAEMON Tools - C:\Programs\DAEMON Tools\daemon.exe (DT Soft Ltd.)
!AVG Anti-Spyware - C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe (Microsoft Corporation)
PowerBar - Reg Data missing or invalid ()
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
NBJ - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
Octoshape Streaming Services - C:\Program Files\Octoshape Streaming Services\Scepter\OctoshapeClient.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Color Calibration.lnk - C:\softat\SAMSUNG\GammaTray.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - C:\softat\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MagicTune3.5.lnk - C:\softat\SAMSUNG\MagicTuneTray.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Programs\Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk - C:\softat\SAMSUNG\NaturalColorLoad.exe ()

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Scepter\Start Menu\Programs\Startup\desktop.ini ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = ()
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
\\UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Programs\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{66711A6D-7B34-4CEE-8DD0-656A4089254C} - ()
{75E56C1E-1B74-42B0-85FC-76C9A2918307} - ()
{B76D8621-2A71-4B2B-928C-CEB3593B21E2} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000002\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000003\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000004\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000005\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000006\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000007\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000008\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000009\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000010\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000011\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000012\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000013\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000014\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000015\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000024\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000025\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000026\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000027\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000028\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000029\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000030\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000031\\PackedCatalogItem - %SYSTEMROOT%\system32\nvappfilter.dll (NVIDIA)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
::Report end

Track QOO
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nTrayFw"="C:\\softat\\nvidia\\bin\\nTrayFw.exe"
"RemoteControl"="C:\\softat\\LG\\PowerDVD\\PDVDServ.exe"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"QuickTime Task"="\"C:\\Programs\\quicktime\\qttask.exe\" -atboottime"
"BigDogPath"="C:\\WINDOWS\\VM_STI.EXE VIMICRO USB PC Camera"
"Zone Labs Client"="C:\\Programs\\ZoneAlarm\\zlclient.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AGEIA PhysX SysTray"="C:\\Program Files\\AGEIA Technologies\\TrayIcon.exe"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"LGODDFU"="C:\\softat\\LG\\fwupdate.exe"
"ppmate"="C:\\Programs\\PPMate\\PPMate\\ppmate.exe -autoplay"
"avgnt"="\"C:\\Programs\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"DAEMON Tools"="\"C:\\Programs\\DAEMON Tools\\daemon.exe\" -lang 1033"
"!AVG Anti-Spyware"="\"C:\\Programs\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers

Subkey --- AVG Anti-Spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\context.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Shell Extension for Malware scanning
{45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\Programs\AntiVir PersonalEdition Classic\shlext.dll

Subkey --- WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Programs\WinRAR\rarext.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRAMS\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers

Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk
Color Calibration.lnk
desktop.ini
Logitech SetPoint.lnk
MagicTune3.5.lnk
Microsoft Office.lnk
NaturalColorLoad.lnk
==============================
C:\Documents and Settings\Scepter\Start Menu\Programs\Startup

Adobe Gamma Loader.lnk
Adobe Reader Speed Launch.lnk
Color Calibration.lnk
desktop.ini
Logitech SetPoint.lnk
MagicTune3.5.lnk
Microsoft Office.lnk
NaturalColorLoad.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files

access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
PhysX.cpl
powercfg.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

MWAV
Virus log information:
File C:\Documents and Settings\Scepter\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Scepter\Application Data\SecuROM\UserData\???????????p????????? infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{B59AD832-B1B5-450B-AE1F-9DAB34718290}\RP375\A0153917.exe tagged as not-a-virus:AdWare.Win32.Casino.w. No Action Taken.
File E:\temp\mirc62.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.62. No Action Taken.
File E:\temp\Texas-holdem-training.exe tagged as not-a-virus:AdWare.Win32.Casino.w. No Action Taken.

Thu Jan 11 22:18:13 2007 => ***** Scanning complete. *****

Thu Jan 11 22:18:13 2007 => Total Number of Files Scanned: 105299
Thu Jan 11 22:18:13 2007 => Total Number of Virus(es) Found: 5
Thu Jan 11 22:18:13 2007 => Total Number of Disinfected Files: 0
Thu Jan 11 22:18:13 2007 => Total Number of Files Renamed: 2
Thu Jan 11 22:18:13 2007 => Total Number of Deleted Files: 0
Thu Jan 11 22:18:13 2007 => Total Number of Errors: 14
Thu Jan 11 22:18:13 2007 => Time Elapsed: 03:41:15
Thu Jan 11 22:18:13 2007 => Virus Database Date: 2006/12/28
Thu Jan 11 22:18:13 2007 => Virus Database Count: 254631

Thu Jan 11 22:18:13 2007 => Scan Completed.
Panda activescan was clean.

Logfile of HijackThis v1.99.1
Scan saved at 12:03:03, on 12.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\AntiVir PersonalEdition Classic\sched.exe
C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\softat\nvidia\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\softat\nvidia\bin\nSvcLog.exe
C:\WINDOWS\system32\svchost.exe
C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\softat\nvidia\bin\nSvcAppFlt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\softat\LG\PowerDVD\PDVDServ.exe
C:\WINDOWS\VM_STI.EXE
C:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\softat\LG\fwupdate.exe
C:\Programs\DAEMON Tools\daemon.exe
C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\softat\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programs\foobar2000\foobar2000.exe
C:\Programs\AntiVir PersonalEdition Classic\avnotify.exe
C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Scepter\Desktop\WoW-2.0.0-enUS-Installer\wowclient-downloader.exe
C:\Programs\Mozilla Firefox\firefox.exe
C:\hijack\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programs\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nTrayFw] C:\softat\nvidia\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RemoteControl] C:\softat\LG\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programs\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [LGODDFU] C:\softat\LG\fwupdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programs\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programs\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programs\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programs\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\softat\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MagicTune3.5.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programs\Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\Programs\Office\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\games\PP\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Programs\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programs\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programs\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\softat\nvidia\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\softat\nvidia\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\softat\nvidia\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\softat\nvidia\bin\nSvcLog.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Still crashing. I will try to remove some programs.

Thanks for the help.