
My Games won't run

Discussion in 'Windows XP' started by G1tana, Jul 8, 2007.

Thread Status:
Not open for further replies.
  1. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    Hi all, can someone please help me?

    I've been playing Civilization 4 Warlords, Tiger Woods, EA F1, and noticed a couple of days ago that none of them will load up.
    I am using a Dell OptiPlex GX270 running XP SP2 and have a 400GB HDD, 512 RAM.
    I'm running ZA Security Suite and run RegCure, WinASO and XP Repair Pro 2007 registry programs.
    WinASO found over 2000 problems yesterday and RegCure finds 200 odd, every time I have to scan every few hours, when my wireless internet connection decides to disconnect itself.
    Thank you all in advance.
     
  2. Solartide

    Solartide

    Joined:
    Jul 8, 2007
    Messages:
    29
    Are you using any new hardware by any chance?

    I was playing CS one day when my connection started disconnecting randomly, turns out my new wireless mouse was interfering with the signal.
     
  3. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    I installed a new DVD drive the other day but that's
     
  4. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    MSN Messenger keeps logging me out too, and I followed instructions from another thread so you guys can take a look, thanks


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:44:26, on 08/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [igfxpers] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www.btsecurity.bt.com/bt/bin/wizard.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IIS Admin (IISADMIN) - Macrovision Corporation - (no file)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7988 bytes
     
  5. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Your HJT log file is missing the top line that lets it be known what version it is. Could you please post the entire log file?

    Thank you for editing it.
     
  6. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    I've edited it, sorry
     
  7. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    bump
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,337
    First Name:
    Karen
    Hi and welcome to TSG,

    I find it strange how these two entries got reversed. :confused:

    O4 - HKLM\..\Run: [igfxpers] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] C:\WINDOWS\system32\igfxpers.exe


    Download AVG Anti-Spyware from HERE and save that file to your desktop. Note for AVG Free anti-virus users only: this is not the same program that you already have, this is an anti-spyware program.

    When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


    1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
    2. Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    3. On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
    4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    6. Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.


    Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:

    1. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
    2. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    3. AVG will now begin the scanning process. Please be patient as this may take a little time.
      Once the scan is complete, do the following:
    4. If you have any infections you will be prompted. Then select "Apply all actions."
    5. Next select the "Reports" icon at the top.
    6. Select the "Save report as" button in the lower left-hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
    7. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • You need to use IE to run this scan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the AVG and Panda scans.
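
A check for the reversed Run entries pointed out at the top of the post above, as an added example that is not part of the original post or of HijackThis itself: it parses the O4 (autostart) lines of a HijackThis log and reports pairs in the same key where each value name matches the other entry's executable. The function names are assumptions made for this sketch, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from itertools import combinations
from ntpath import basename  # Windows path rules, usable on any OS
from typing import NamedTuple

# O4 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [igfxpers] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [GrooveMonitor] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
'''

EXE_EXT = r"\.(?:exe|com|bat|cmd|scr|pif)"
# "O4 - <key>: [<value name>] <command line>"
O4_LINE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Unquoted paths may contain spaces, so read up to the first executable extension.
UNQUOTED_EXE = re.compile(rf"^(.+?{EXE_EXT})(?=\s|$)", re.IGNORECASE)


class RunEntry(NamedTuple):
    key: str      # e.g. HKLM\..\Run
    name: str     # registry value name shown in brackets
    target: str   # executable path with arguments removed


def stem(text):
    """Lower-case the text and drop a trailing executable extension."""
    return re.sub(EXE_EXT + r"$", "", text.strip().lower())


def target_path(cmd):
    """Executable path of a Run value, without arguments or the '(User ...)' note."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = UNQUOTED_EXE.match(cmd)
    return m.group(1) if m else cmd


def parse_o4(log_text):
    """Collect registry Run entries; O4 lines without a [name] (startup folder) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if m:
            entries.append(RunEntry(m["key"], m["name"], target_path(m["cmd"])))
    return entries


def name_matches_target(entry):
    return stem(entry.name) == stem(basename(entry.target))


def swapped_pairs(entries):
    """Pairs in one key where each value name matches the *other* entry's executable.

    A name that differs from its executable is common and proves nothing by
    itself; the cross-match between two entries is what stands out.
    """
    pairs = []
    for a, b in combinations(entries, 2):
        if a.key != b.key or name_matches_target(a) or name_matches_target(b):
            continue
        if (stem(a.name) == stem(basename(b.target))
                and stem(b.name) == stem(basename(a.target))):
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    run_entries = parse_o4(SAMPLE_LOG)
    mismatched = [e for e in run_entries if not name_matches_target(e)]
    print(f"{len(run_entries)} Run entries, {len(mismatched)} with a name unlike the executable")
    for a, b in swapped_pairs(run_entries):
        print(f"Swapped in {a.key}: [{a.name}] -> {basename(a.target)}, "
              f"[{b.name}] -> {basename(b.target)}")
```
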
     
  9. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    I told you you would get help and this lady is tops.
     
  10. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    Right, after a long night, here we go

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 04:01:42 09/07/2007

    + Scan result:



    :mozilla.311:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.353:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.185:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.186:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.382:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.383:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.428:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
    :mozilla.255:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.256:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.257:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.258:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.259:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.260:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.280:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.281:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.122:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.88:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\Documents and Settings\g1tana\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.476:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.376:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.162:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
    :mozilla.469:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
    :mozilla.470:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
    :mozilla.471:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Commission-junction : Cleaned.
    :mozilla.301:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.302:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.303:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.344:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\g1tana\Cookies\[email protected][3].txt -> TrackingCookie.Connextra : Cleaned.
    :mozilla.265:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
    :mozilla.170:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.171:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.172:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.173:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.126:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.127:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.128:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.129:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.130:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.131:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.132:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.133:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
    :mozilla.274:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.155:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.163:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.348:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.366:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.381:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.398:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
    :mozilla.151:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.152:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.153:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.205:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.207:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.438:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Information : Cleaned.
    :mozilla.298:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.187:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
    :mozilla.43:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
    :mozilla.229:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.230:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.231:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.232:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.233:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.234:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.437:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
    :mozilla.266:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.267:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.268:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.269:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.270:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.271:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.239:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.111:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.112:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.113:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.308:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.202:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
    :mozilla.174:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.175:C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end




    Incident Status Location

    Potentially unwanted tool:Application/RegCure Not disinfected C:\Program Files\RegCure\RegCure.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\MSIMG32.dll
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b7gn9hy1.default\cookies.txt[.azjmp.com/]
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\g1tana\Application Data\Mozilla\Firefox\Profiles\ksjr42wy.default\cookies.txt[.apmebf.com/]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Documents and Settings\g1tana\Desktop\RegCureSetup_1_4.exe
    Virus:W32/Parite.B Not disinfected C:\Downloads\Re-Volt.rar[Re-Volt\editor\TrackEdit.exe]
    Virus:W32/Parite.B Not disinfected C:\Downloads\Re-Volt.rar[Re-Volt\editor\UpdateTrack.exe]
    Virus:W32/Parite.B Not disinfected C:\Downloads\Re-Volt.rar[Re-Volt\rvpatch110.exe]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCure 1.4 + Crack\RegCure 1.4 + Crack\CRACK\RegCure.exe
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCure 1.4 + Crack\RegCure 1.4 + Crack\RegCure 1.4 Trial.exe
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCure 1.4 + Crack\RegCure 1.4 + Crack.zip[CRACK/RegCure.exe]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCure 1.4 + Crack\RegCure 1.4 + Crack.zip[RegCure 1.4 Trial.exe]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCure 1.4 + Crack\RegCure 1.4 + Crack.zip[RegCure 1.4 Trial.exe][RegCure.exe]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCure 1.4 + Crack\RegCure 1.4 + Crack.zip[RegCure 1.4 Trial.exe][uninst.exe]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCureSetup_ta.exe[RegCure.exe]
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Downloads\**** to keep\RegCureSetup_ta.exe[uninst.exe]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
    Potentially unwanted tool:Application/RegCure Not disinfected C:\Program Files\RegCure\uninst.exe

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:54:18, on 09/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [igfxpers] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www.btsecurity.bt.com/bt/bin/wizard.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IIS Admin (IISADMIN) - Macrovision Corporation - (no file)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 8558 bytes
     
  11. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,337
    First Name:
    Karen
    Download ComboFix to your Desktop.

    Reboot to Safe mode:

    Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done properly a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

    Perform the following actions in Safe Mode.
    • Double click combofix.exe and follow the prompts.
    • When finished, it will produce a log for you. Post that log and a new HijackThis log in your next reply
    Note: Do not mouseclick combofix's window while it's running as that may cause it to stall
     
  12. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    Thank you, Cookiegal, here are the log files

    "g1tana" - 2007-07-09 20:41:20 - ComboFix 07-07-10.1 - Service Pack 2 [SAFE MODE]


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


    -------\LEGACY_IPRIP
    -------\LEGACY_NM
    -------\LEGACY_NPF
    -------\Iprip
    -------\nm
    -------\NPF


    ((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


    2007-07-09 20:31 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-09 04:13 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
    2007-07-09 04:13 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
    2007-07-09 00:39 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-08 22:43 <DIR> d-------- C:\Program Files\Trend Micro
    2007-07-08 21:46 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\SystemRequirementsLab
    2007-07-08 00:37 <DIR> d-------- C:\Program Files\XP Repair Pro 2007
    2007-07-08 00:21 36,864 --------- C:\WINDOWS\system32\wbsys.dll
    2007-07-08 00:21 20,480 --a------ C:\WINDOWS\system32\wbload.dll
    2007-07-08 00:21 <DIR> d-------- C:\Program Files\Stardock
    2007-07-07 19:59 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
    2007-07-07 19:58 <DIR> d-------- C:\Program Files\Driver-Soft
    2007-07-07 16:20 <DIR> d-------- C:\Program Files\Security Task Manager
    2007-07-06 21:51 164 --a------ C:\install.dat
    2007-07-06 21:44 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\GetRightToGo
    2007-07-05 18:40 <DIR> d-------- C:\Program Files\Ableton
    2007-07-05 18:40 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\Ableton
    2007-07-05 18:02 3 --a------ C:\WINDOWS\system32\ceme26.dll
    2007-07-05 18:02 3 --a------ C:\WINDOWS\ceme26.dat
    2007-07-05 18:02 <DIR> d-------- C:\Program Files\Celemony
    2007-07-04 18:49 <DIR> d-------- C:\Program Files\Audacity
    2007-07-03 12:47 <DIR> d-------- C:\Program Files\Marine Sharpshooter 3
    2007-07-03 12:47 <DIR> d-------- C:\games
    2007-07-02 16:41 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\LimeWire
    2007-07-01 23:18 <DIR> d-------- C:\WINDOWS\CAVTemp
    2007-07-01 20:17 1,021,504 --a------ C:\WINDOWS\system32\vete.dll
    2007-07-01 19:58 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\SiteAdvisor
    2007-07-01 19:27 77,824 --a------ C:\WINDOWS\system32\driverif.dll
    2007-07-01 19:27 653,064 --a------ C:\WINDOWS\system32\imsinstall.dll
    2007-07-01 19:27 645,904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
    2007-07-01 19:27 59,144 --a------ C:\WINDOWS\zllsputility.exe
    2007-07-01 19:27 21,605 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
    2007-07-01 19:27 2,803,456 --a------ C:\WINDOWS\system32\imslsp.dll
    2007-07-01 19:27 15,668 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
    2007-07-01 19:27 12,288 --a------ C:\WINDOWS\system32\vetntmsg.dll
    2007-07-01 19:27 115,088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
    2007-07-01 19:26 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-06-30 19:52 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\Ahead
    2007-06-30 19:50 <DIR> d-------- C:\Program Files\Nero
    2007-06-30 19:50 <DIR> d-------- C:\Program Files\Common Files\Ahead
    2007-06-30 19:43 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\CyberLink
    2007-06-30 19:37 <DIR> d-------- C:\MyWorks
    2007-06-30 19:27 <DIR> d-------- C:\Program Files\Innovatools
    2007-06-30 19:21 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\InterVideo
    2007-06-30 19:18 <DIR> d-------- C:\Program Files\InterActual
    2007-06-30 19:17 831,600 --a------ C:\WINDOWS\system32\Ctaa1.dat
    2007-06-30 19:17 77,824 --a------ C:\WINDOWS\system32\ctdvda32.dll
    2007-06-30 19:17 333,600 --a------ C:\WINDOWS\system32\drivers\ctdvda2k.sys
    2007-06-30 19:17 <DIR> d-------- C:\Program Files\InterVideo
    2007-06-30 19:17 <DIR> d-------- C:\Program Files\Creative
    2007-06-30 19:17 <DIR> d-------- C:\Program Files\Common Files\InterVideo
    2007-06-27 17:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
    2007-06-27 17:23 <DIR> d-------- C:\Program Files\PowerISO
    2007-06-26 19:08 <DIR> d-------- C:\Program Files\RegCure
    2007-06-20 21:09 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Authentium
    2007-06-20 21:07 <DIR> d-------- C:\Program Files\BT
    2007-06-20 20:58 106,496 --a------ C:\WINDOWS\system32\atl71.dll
    2007-06-20 20:58 <DIR> d-------- C:\Program Files\Common Files\Authentium Shared
    2007-06-20 13:50 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\Sammsoft
    2007-06-18 11:31 <DIR> d-------- C:\DOCUME~1\g1tana\OngameNetwork
    2007-06-16 15:36 <DIR> d-------- C:\WINDOWS\system32\FlashAX
    2007-06-14 20:37 14 --a------ C:\DOCUME~1\g1tana\getfile.dat
    2007-06-13 23:12 <DIR> d-------- C:\Program Files\F1 Challange KRC 2007
    2007-06-12 20:52 <DIR> d-------- C:\DOCUME~1\g1tana\APPLIC~1\Help
    2007-06-12 20:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SecTaskMan
    2007-06-11 04:12 <DIR> d-------- C:\Program Files\Windows Live


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-09 07:04:21 -------- d-----w C:\Program Files\Windows Defender
    2007-07-09 07:01:25 -------- d-----w C:\Program Files\Messenger
    2007-07-09 07:00:32 -------- d-----w C:\Program Files\Google
    2007-07-09 06:47:41 -------- d-----w C:\Program Files\Bonjour
    2007-07-08 14:51:30 -------- d-----w C:\Program Files\EA SPORTS
    2007-07-08 12:37:38 -------- d-----w C:\Program Files\VstPlugins
    2007-07-06 20:22:31 -------- d-----w C:\Program Files\Card Tricks
    2007-07-06 20:22:30 -------- d-----w C:\Program Files\Alwil Software
    2007-07-06 20:22:21 -------- d-----w C:\Program Files\Activision
    2007-07-06 10:53:24 -------- d-----w C:\Program Files\BitComet
    2007-07-03 22:30:28 -------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-07-02 17:36:16 -------- d-----w C:\Program Files\Image-Line
    2007-07-01 18:30:19 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
    2007-06-28 13:58:03 -------- d-----w C:\Program Files\Windows Live Safety Center
    2007-06-27 11:27:17 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll
    2007-06-20 21:02:48 -------- d-----w C:\Program Files\Adverts
    2007-06-20 21:02:48 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\grim regs
    2007-06-20 14:23:09 -------- d-----w C:\Program Files\MSN Messenger
    2007-06-12 18:14:36 825 --sha-w C:\WINDOWS\system32\mmf.sys
    2007-06-11 03:12:05 -------- d-----w C:\Program Files\Messenger Plus! Live
    2007-06-10 08:51:45 -------- d-----w C:\Program Files\Hide IP Platinum
    2007-06-10 06:19:46 3,050 ----a-w C:\WINDOWS\system32\ealregsnapshot1.reg
    2007-06-07 18:58:09 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\Talkback
    2007-06-07 13:06:31 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\Ufasoft
    2007-06-06 04:22:01 -------- d-----w C:\Program Files\DIKO
    2007-05-30 18:36:41 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\Microsoft Corporation
    2007-05-26 01:09:47 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2007-05-26 01:09:41 -------- d-----w C:\Program Files\Sitecom
    2007-05-25 05:38:03 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\WildPackets
    2007-05-24 18:07:41 -------- d-----w C:\Program Files\MSXML 4.0
    2007-05-24 05:36:17 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\Samsung
    2007-05-23 19:54:10 -------- d-----w C:\Program Files\Samsung
    2007-05-21 20:37:48 -------- d-----w C:\Program Files\Belarc
    2007-05-20 01:34:51 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\Apple Computer
    2007-05-18 11:19:56 9 ----a-w C:\winmap.dll
    2007-05-18 11:19:56 9 ----a-w C:\Program Files\install_log.dat
    2007-05-17 00:51:43 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\SYSTRAN
    2007-05-17 00:49:31 -------- d-----w C:\Program Files\SYSTRAN
    2007-05-17 00:49:23 878,080 ----a-w C:\WINDOWS\system32\iconv.dll
    2007-05-17 00:49:23 721,920 ----a-w C:\WINDOWS\system32\libxml2.dll
    2007-05-17 00:49:23 51,200 ----a-w C:\WINDOWS\system32\libexslt.dll
    2007-05-17 00:49:23 150,016 ----a-w C:\WINDOWS\system32\libxslt.dll
    2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
    2007-05-14 17:17:47 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\My Games
    2007-05-14 17:05:48 -------- d-----w C:\Program Files\Firaxis Games
    2007-05-14 17:05:31 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\InstallShield
    2007-05-14 05:17:14 -------- d-----w C:\DOCUME~1\g1tana\APPLIC~1\Google
    2007-05-14 02:46:01 -------- d-----w C:\Program Files\Atari
    2007-05-09 00:27:38 -------- d-----w C:\Program Files\QuickTime
    2007-05-09 00:26:24 -------- d-----w C:\Program Files\Apple Software Update
    2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
    2007-04-21 21:45:19 48,640 ----a-w C:\WINDOWS\mmfs.dll
    2007-04-21 00:57:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
    2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
    2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
    2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
    2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
    2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
    2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
    2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
    2007-04-17 05:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
    2007-04-17 05:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
    2007-06-14 14:07 443968 --a------ C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
    2006-10-27 08:48 2210608 --a------ C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2006-12-15 11:23 440056 --a------ C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    2006-09-01 04:33 322368 --a------ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    2007-03-23 01:18 2403392 -ra------ c:\program files\google\googletoolbar2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    2007-06-23 11:12 325048 --a------ C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxpers"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 08:47]
    "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-08-29 19:09]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-09 00:41]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 14:18]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-11 06:34]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11]
    "XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [2007-07-04 04:51]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 04:05]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 08:48]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-07-09 00:41]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^g1tana^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    "C:\Program Files\D-Tools\daemon.exe" -lang 1033

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
    "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    AutoRun\command- F1 Challange KRC 2007 setup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7efdd7be-e9e7-11db-b868-000cf628600e}]
    AutoRun\command- E:\Autorun.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-09 19:00:00 C:\WINDOWS\tasks\AC07797C9A64EF48.job
    2007-07-07 20:12:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    2007-07-08 02:30:00 C:\WINDOWS\tasks\ErrorKiller Scheduled Scan.job
    2007-07-09 19:52:43 C:\WINDOWS\tasks\MP Scheduled Scan.job
    2007-07-09 08:13:09 C:\WINDOWS\tasks\RegCure.job

    **************************************************************************

    catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-09 20:50:17
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-09 20:53:39 - machine was rebooted
    C:\ComboFix-quarantined-files.txt ... 2007-07-09 20:53

    --- E O F ---

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:59:30, on 09/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\ZoneLabs\isafe.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=2057
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
    O3 - Toolbar: (no name) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - (no file)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [igfxpers] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} (CNavigationManager Object) - http://www.btsecurity.bt.com/bt/bin/wizard.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IIS Admin (IISADMIN) - Macrovision Corporation - (no file)
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7986 bytes
     
  13. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    34,668
    First Name:
    James
    Did the drive letter change?
     
  14. G1tana

    G1tana Thread Starter

    Joined:
    Mar 23, 2007
    Messages:
    13
    No, it's still D and working fine
     
  15. Couriant

    Couriant Trusted Advisor

    Joined:
    Mar 26, 2002
    Messages:
    34,668
    First Name:
    James
    OK, the reason I asked is that some games will go to the original letter drive for the CD, and if that was changed then it would not work.

    Also I noticed that you have Windows Defender. I know that on Vista it's a pain in the behind when you try to load games up (I have a few minor issues with some of my games). Perhaps End Tasking that process and try again to see if it will allow you to run your games.
     
Short URL to this thread: https://techguy.org/593337
