
Taskbar freeze

Discussion in 'Windows XP' started by Dunko9, Jul 30, 2006.

  1. Dunko9

    Dunko9 Thread Starter

    Joined:
    Apr 21, 2003
    Messages:
    320
    Hi, can you help me? When I click any program on the taskbar once, nothing comes up; it freezes for 2 mins, then they come up. Why so long? It should be straight away.

    Here is the HJT...

    Logfile of HijackThis v1.99.1
    Scan saved at 13:19:29, on 30/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\LckFldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rmctrl.exe
    C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zoom\CnxDslTb.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Documents and Settings\DunkoGeriSamanthaLeo\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portal.plus.net/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://portal.plus.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PlusNet Internet Explorer
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Program Files\LostGoggles\LGoggles.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [QOELOADER] "c:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Zoom\CnxDslTb.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKCU\..\Run: [Pocket Pardew] C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    O4 - Global Startup: Fantastic Flame Agent.lnk = C:\Program Files\Fantastic Flame Screensaver\FantasticFlameAgent.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O14 - IERESET.INF: START_PAGE_URL=http://portal.plus.net/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123435248765
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://213.2.210.34//activex/AMC.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5C4485-3DA9-4DDB-82FB-5E71C4DFFD5C}: NameServer = 212.159.6.10 212.159.6.9
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Compingo License Service - Compingo - C:\Program Files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - c:\Program Files\Common Files\Kodak\kodak_dr\KodakCCS.exe
    O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    thank you.:)
     
  2. Dunko9

    Anyone?:(

    HJT here again....


    Logfile of HijackThis v1.99.1
    Scan saved at 15:18:52, on 12/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\KService\KService.exe
    C:\WINDOWS\system32\LckFldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\rmctrl.exe
    C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\ltmsg.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zoom\CnxDslTb.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SiteAdvisor\SiteAdv.exe
    C:\Documents and Settings\DunkoGeriSamanthaLeo\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfootballforum.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PlusNet Internet Explorer
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Program Files\LostGoggles\LGoggles.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [QOELOADER] "c:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Zoom\CnxDslTb.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [Pocket Pardew] C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://portal.plus.net/
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123435248765
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://213.2.210.34//activex/AMC.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5C4485-3DA9-4DDB-82FB-5E71C4DFFD5C}: NameServer = 212.159.6.10 212.159.6.9
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Compingo License Service - Compingo - C:\Program Files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - c:\Program Files\Common Files\Kodak\kodak_dr\KodakCCS.exe
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe


    I'm grateful if anyone can help me...:eek:
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!

    Reboot into Safe Mode
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Double-click WinPFind.exe
    • Now Click "Start Scan"
    • It will scan the entire System, so please be patient!
    • Once the Scan is Complete
      • Reboot back to Normal Mode!
      • Go to the WinPFind folder
      • Locate WinPFind.txt
      • Place those results in the next post!
     
  4. Dunko9

    done.

    here....

    WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

    If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

    »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
    Internet Explorer Version: 7.0.5450.4

    »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

    Checking %SystemDrive% folder...

    Checking %ProgramFilesDir% folder...

    Checking %WinDir% folder...
    aspack 08/06/2005 17:17:08 186368 C:\WINDOWS\champions_saver.scr
    aspack 06/11/2003 13:08:02 180736 C:\WINDOWS\crest_saver.scr
    aspack 08/06/2005 17:15:00 186368 C:\WINDOWS\etherington_saver.scr
    PECompact2 18/10/2004 22:01:40 9963572 C:\WINDOWS\VPTNFILE.202
    PECompact2 23/10/2004 23:42:48 10103586 C:\WINDOWS\VPTNFILE.214
    UPX! 18/10/2004 22:01:42 1036800 C:\WINDOWS\vsapi32.dll
    aspack 18/10/2004 22:01:42 1036800 C:\WINDOWS\vsapi32.dll

    Checking %System% folder...
    aspack 22/07/2005 19:59:04 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll
    aspack 05/12/2005 18:09:18 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll
    aspack 31/03/2006 12:40:58 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll
    PEC2 18/08/2001 13:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
    aspack 09/01/2005 21:48:36 129536 C:\WINDOWS\SYSTEM32\IJL15.dll
    aspack 09/01/2005 21:48:36 804864 C:\WINDOWS\SYSTEM32\ImgX5.dll
    PTech 19/06/2006 16:19:42 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
    PECompact2 03/08/2006 02:22:50 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 03/08/2006 02:22:50 8255912 C:\WINDOWS\SYSTEM32\MRT.exe
    aspack 04/08/2004 08:56:36 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
    qoologic 08/10/2004 21:34:22 7365069 C:\WINDOWS\SYSTEM32\pav.sig
    aspack 08/10/2004 21:34:22 7365069 C:\WINDOWS\SYSTEM32\pav.sig
    SAHAgent 08/10/2004 21:34:22 7365069 C:\WINDOWS\SYSTEM32\pav.sig
    Umonitor 04/08/2004 08:56:44 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
    winsync 18/08/2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
    PTech 19/06/2006 16:19:26 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe
    aspack 09/01/2005 21:48:38 424960 C:\WINDOWS\SYSTEM32\_ISource21.dll

    Checking %System%\Drivers folder and sub-folders...
    UPX! 07/08/2006 21:19:16 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    FSG! 07/08/2006 21:19:16 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    PEC2 07/08/2006 21:19:16 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    aspack 07/08/2006 21:19:16 777472 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    PTech 04/08/2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

    Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


    Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
    13/08/2006 02:15:06 S 2048 C:\WINDOWS\bootstat.dat
    12/08/2006 11:42:06 H 54156 C:\WINDOWS\QTFont.qfn
    24/06/2006 19:54:32 HS 7168 C:\WINDOWS\Thumbs.db
    10/08/2006 17:40:22 RH 749 C:\WINDOWS\WindowsShell.Manifest
    26/06/2006 23:53:00 H 8628 C:\WINDOWS\Help\netcfg.GID
    24/06/2006 19:54:22 HS 7168 C:\WINDOWS\LS_Scr\Thumbs.db
    24/06/2006 19:54:22 HS 5632 C:\WINDOWS\Medabots dir\Thumbs.db
    24/06/2006 19:54:28 HS 5120 C:\WINDOWS\ShellNew\Thumbs.db
    10/08/2006 17:40:22 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
    11/08/2006 18:24:20 H 1024 C:\WINDOWS\system32\default_user_class.dat.LOG
    10/08/2006 17:40:22 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
    10/08/2006 17:40:22 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
    10/08/2006 17:40:22 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
    24/06/2006 19:54:26 HS 8192 C:\WINDOWS\system32\Thumbs.db
    10/08/2006 17:40:22 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
    23/06/2006 10:15:36 S 42278 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7beta3.cat
    07/07/2006 08:03:30 S 10690 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914440.cat
    05/07/2006 13:21:58 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat
    28/07/2006 13:16:08 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899.cat
    27/07/2006 15:00:28 S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920214.cat
    21/07/2006 10:03:14 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat
    26/06/2006 20:47:22 S 11929 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat
    13/07/2006 15:24:46 S 13050 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921398.cat
    14/07/2006 17:13:00 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB921883.cat
    14/07/2006 16:53:20 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922616.cat
    19/06/2006 16:20:58 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
    13/08/2006 02:15:20 H 12288 C:\WINDOWS\system32\config\default.LOG
    13/08/2006 02:15:56 H 1024 C:\WINDOWS\system32\config\SAM.LOG
    13/08/2006 02:15:10 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
    13/08/2006 02:22:22 H 208896 C:\WINDOWS\system32\config\software.LOG
    13/08/2006 02:14:04 H 1024 C:\WINDOWS\system32\config\system.LOG
    11/08/2006 18:19:22 H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    25/07/2006 18:47:52 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\a14a10c6-3eec-44cf-9b04-a6b3e942366b
    25/07/2006 18:47:52 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
    18/07/2006 03:17:06 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\935744f4-5b4a-4c4f-be8f-50f9f2e9dd3d
    18/07/2006 03:17:06 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    13/08/2006 02:18:38 H 330 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    13/08/2006 02:13:46 H 6 C:\WINDOWS\Tasks\SA.DAT
    24/06/2006 19:54:28 HS 5632 C:\WINDOWS\Totally Spies dir\Thumbs.db
    24/06/2006 19:54:26 HS 7168 C:\WINDOWS\Web\Thumbs.db

    Checking for CPL files...
    Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
    18/01/2004 00:09:54 41984 C:\WINDOWS\SYSTEM32\AdvUninstCPL.cpl
    Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
    Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
    Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
    Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
    Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    Microsoft Corporation 23/06/2006 05:41:10 1402368 C:\WINDOWS\SYSTEM32\inetcpl.cpl
    Microsoft Corporation 24/08/2005 20:30:52 14336 C:\WINDOWS\SYSTEM32\infocardcpl.cpl
    Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
    Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
    Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
    Sun Microsystems, Inc. 03/05/2006 02:56:54 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
    Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
    Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
    Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
    Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
    Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    NVIDIA Corporation 01/06/2006 17:22:00 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl
    01/06/2006 17:22:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
    Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
    Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
    Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
    Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
    Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
    Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
    Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    Microsoft Corporation 04/08/2004 08:56:58 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
    Microsoft Corporation 04/08/2004 08:56:58 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
    Microsoft Corporation 04/08/2004 08:56:58 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    Microsoft Corporation 23/06/2006 05:41:10 1402368 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    Microsoft Corporation 04/08/2004 08:56:58 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    Microsoft Corporation 04/08/2004 08:56:58 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
    Microsoft Corporation 04/08/2004 08:56:58 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    Microsoft Corporation 04/08/2004 08:56:58 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
    Microsoft Corporation 04/08/2004 08:56:58 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    Microsoft Corporation 04/08/2004 08:56:58 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    Microsoft Corporation 04/08/2004 08:56:58 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    Microsoft Corporation 04/08/2004 08:56:58 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    Microsoft Corporation 04/08/2004 08:56:58 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    Microsoft Corporation 04/08/2004 08:56:58 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
    Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

    »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

    Checking files in %ALLUSERSPROFILE%\Startup folder...
    22/07/2004 19:16:12 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    21/07/2006 23:08:40 879 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Wireless Keyboard Driver.lnk
    21/07/2006 23:08:40 857 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Enable Wireless Optical Mouse Driver.lnk

    Checking files in %ALLUSERSPROFILE%\Application Data folder...
    22/07/2004 20:03:30 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
    27/07/2006 21:44:28 10320 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

    Checking files in %USERPROFILE%\Startup folder...
    22/07/2004 19:16:12 HS 84 C:\Documents and Settings\DunkoGeriSamanthaLeo\Start Menu\Programs\Startup\desktop.ini
    27/03/2006 00:02:44 1592 C:\Documents and Settings\DunkoGeriSamanthaLeo\Start Menu\Programs\Startup\Rainlendar.lnk

    Checking files in %USERPROFILE%\Application Data folder...
    28/05/2006 12:44:56 1057 C:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\AdobeDLM.log
    22/07/2004 20:03:30 HS 62 C:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\desktop.ini
    28/12/2004 13:28:10 0 C:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\dm.ini
    26/06/2006 22:12:10 62280 C:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\GDIPFONTCACHEV1.DAT
    18/09/2005 20:12:42 1648 C:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\temp.htm

    »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
    =

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

    [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
    {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll
    HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
    {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
    {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\LockFolder
    {4852341A-43E6-4994-B29B-E82904992884} = C:\Program Files\FolderAccess\LckFldMenu.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
    {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
    {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = F:\Program Files\WinRAR\rarext.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
    = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}
    = C:\Program Files\SiteAdvisor\SiteAdv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4115122B-85FF-4DD3-9515-F075BEDE5EB5}
    PBlockHelper Class = C:\Program Files\ONSPEED\PBHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45AD732C-2CE2-4666-B366-B2214AD57A49}
    Idea2 SidebarBrowserMonitor Class = C:\Program Files\Desktop Sidebar\sbhelp.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
    = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6291957C-8CE9-4c90-BEFF-12D9E68CFF30}
    = C:\Program Files\LostGoggles\LGoggles.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}
    NOW!Imaging = C:\Program Files\ONSPEED\components\NOWImaging.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    &Tip of the Day = %SystemRoot%\system32\Shdocvw.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
    {0BF43445-2F28-4351-9252-17FE6E806AA0} = McAfee SiteAdvisor : C:\Program Files\SiteAdvisor\SiteAdv.dll
    {8B79EE88-E62D-4AA8-B530-CC357BA112B7} = ONSPEED : C:\Program Files\ONSPEED\Toolband.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
    MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583}
    MenuText = @xpsp3res.dll,-20001 :

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
    Shell Search Band = %SystemRoot%\system32\Browseui.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
    IE Search Band = C:\WINDOWS\system32\ieframe.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    =
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
    Favorites Band = %SystemRoot%\system32\Shdocvw.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    Explorer Band = %SystemRoot%\system32\Shdocvw.dll

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
    {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\Browseui.dll
    {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll
    {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} = :
    {84B8C682-93D2-44F1-8DAC-9AD59F3E8533} = :
    {8B79EE88-E62D-4AA8-B530-CC357BA112B7} = ONSPEED : C:\Program Files\ONSPEED\Toolband.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    RemoteControl C:\WINDOWS\system32\rmctrl.exe
    QOELOADER "c:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
    PCSuiteTrayApplication C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    nwiz nwiz.exe /install
    LTWinModem1 ltmsg.exe 9
    ISUSScheduler "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    DataLayer C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    Name of App C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
    Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    CnxDslTaskBar C:\Program Files\Zoom\CnxDslTb.exe
    NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    rfagent "C:\Program Files\RFA\rfagent.exe"
    QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
    SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
    IMAIL Installed = 1
    MAPI Installed = 1
    MSFS Installed = 1

    cont....
     
  5. Dunko9

    Dunko9 Thread Starter

    Joined:
    Apr 21, 2003
    Messages:
    320
    cont...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    Pocket Pardew C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    kdx C:\WINDOWS\kdx\KHost.exe -all
    ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk
    backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    item Adobe Gamma Loader
    backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    item Adobe Gamma Loader

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
    backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
    item Adobe Reader Speed Launch
    backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
    item Adobe Reader Speed Launch

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON SMART PANEL for Scanner.lnk
    path c:\Documents and Settings\All Users\Start Menu\Programs\EPSON SMART PANEL for Scanner\EPSON SMART PANEL for Scanner.lnk
    location Common Startup
    command C:\PROGRA~1\EPSON\EPSONS~1\espmain.exe /h
    item EPSON SMART PANEL for Scanner
    path c:\Documents and Settings\All Users\Start Menu\Programs\EPSON SMART PANEL for Scanner\EPSON SMART PANEL for Scanner.lnk
    location Common Startup
    command C:\PROGRA~1\EPSON\EPSONS~1\espmain.exe /h
    item EPSON SMART PANEL for Scanner

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk
    backup C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
    location Common Startup
    command C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    item EPSON Status Monitor 3 Environment Check 2
    backup C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup
    location Common Startup
    command C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    item EPSON Status Monitor 3 Environment Check 2

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk
    path c:\Documents and Settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
    location Common Startup
    command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx
    item Kodak EasyShare software
    path c:\Documents and Settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
    location Common Startup
    command C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE -hx
    item Kodak EasyShare software

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk
    backup C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
    location Common Startup
    item KODAK Software Updater
    backup C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
    location Common Startup
    item KODAK Software Updater

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
    backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
    item Microsoft Office
    backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l
    item Microsoft Office

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ONSPEED.lnk
    path c:\Documents and Settings\All Users\Start Menu\Programs\ONSPEED\ONSPEED.lnk
    backup C:\WINDOWS\pss\ONSPEED.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\ONSPEED\ONSPEE~2.EXE
    item ONSPEED
    path c:\Documents and Settings\All Users\Start Menu\Programs\ONSPEED\ONSPEED.lnk
    backup C:\WINDOWS\pss\ONSPEED.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\ONSPEED\ONSPEE~2.EXE
    item ONSPEED

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PC Suite for Nokia 9210i Communicator.lnk
    path c:\Documents and Settings\All Users\Start Menu\Programs\PC Suite for Nokia 9210i Communicator\PC Suite for Nokia 9210i Communicator.lnk
    backup C:\WINDOWS\pss\PC Suite for Nokia 9210i Communicator.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1.EXE
    item PC Suite for Nokia 9210i Communicator
    path c:\Documents and Settings\All Users\Start Menu\Programs\PC Suite for Nokia 9210i Communicator\PC Suite for Nokia 9210i Communicator.lnk
    backup C:\WINDOWS\pss\PC Suite for Nokia 9210i Communicator.lnkCommon Startup
    location Common Startup
    command C:\PROGRA~1\Nokia\PCSUIT~1\CONNEC~1.EXE
    item PC Suite for Nokia 9210i Communicator

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Phone Connection Monitor.lnk
    backup C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup
    location Common Startup
    item Phone Connection Monitor
    backup C:\WINDOWS\pss\Phone Connection Monitor.lnkCommon Startup
    location Common Startup
    item Phone Connection Monitor

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^DunkoGeriSamanthaLeo^Start Menu^Programs^Startup^Registration Brothers In Arms EiB Demo.LNK
    backup C:\WINDOWS\pss\Registration Brothers In Arms EiB Demo.LNKStartup
    location Startup
    item Registration Brothers In Arms EiB Demo
    backup C:\WINDOWS\pss\Registration Brothers In Arms EiB Demo.LNKStartup
    location Startup
    item Registration Brothers In Arms EiB Demo

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^DunkoGeriSamanthaLeo^Start Menu^Programs^Startup^WordWeb.lnk
    path c:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\Microsoft\Internet Explorer\Quick Launch\WordWeb.lnk
    location Startup
    command C:\PROGRA~1\WordWeb\wweb32.exe
    item WordWeb
    path c:\Documents and Settings\DunkoGeriSamanthaLeo\Application Data\Microsoft\Internet Explorer\Quick Launch\WordWeb.lnk
    location Startup
    command C:\PROGRA~1\WordWeb\wweb32.exe
    item WordWeb

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ISUSPM Startup
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item isuspm
    hkey HKLM
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item isuspm
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "C:\Program Files\iTunes\iTunesHelper.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item iTunesHelper
    hkey HKLM
    command "C:\Program Files\iTunes\iTunesHelper.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MagicSpeed
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MagicSL
    hkey HKLM
    command C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe /autorun
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MagicSL
    hkey HKLM
    command C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe /autorun
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item qttask
    hkey HKLM
    command "C:\Program Files\QuickTime\qttask.exe" -atboottime
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sky Alerts
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item skinkers
    hkey HKCU
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item skinkers
    hkey HKCU
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SlipStream
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item onspeedcore
    hkey HKLM
    command "C:\Program Files\ONSPEED\onspeedcore.exe"
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item onspeedcore
    hkey HKLM
    command "C:\Program Files\ONSPEED\onspeedcore.exe"
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item realsched
    hkey HKLM
    command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item realsched
    hkey HKLM
    command "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Versato
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MulMouse
    hkey HKLM
    inimapping 0
    key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    item MulMouse
    hkey HKLM
    inimapping 0

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
    system.ini 0
    win.ini 0
    bootini 2
    services 0
    startup 2


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments
    ScanWithAntiVirus 2


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    LinkResolveIgnoreLinkInfo 0
    NoResolveSearch 1


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
    {17492023-C23A-453E-A040-C7C580BBF700} 1

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
    {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
    {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
    {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    dontdisplaylastusername 0
    legalnoticecaption
    legalnoticetext
    shutdownwithoutlogon 1
    undockwithoutlogon 1


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    NoDriveTypeAutoRun 145
    NoInstrumentation 0

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
    SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,
    Shell = Explorer.exe
    System =

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
    = WgaLogon.dll

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    Debugger = ntsd -d

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLs


    »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
    Scan completed on 13/08/2006 02:28:05


    Hope you will find.. cheers
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    I can't see any obvious malware.

    What programs take the time to open?
    Is it all programs or just some?
     
  7. Dunko9

    Dunko9 Thread Starter

    Joined:
    Apr 21, 2003
    Messages:
    320
    Really?:confused:

    Any programs, but I always click Internet first, it was fine, then I click Microsoft Outlook and it suddenly freezes, takes 1-2 mins, then comes up. And other programs sometimes as well, like Photoshop CS (graphics program), My Computer, Control Panel, so any idea?
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    * Run the Kaspersky online virus scan: Kaspersky Online Scanner.

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, save the results from the scan!

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HijackThis log along with the results from the Kaspersky scan.

    * Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.

    Note: Kavscan is a scanner only and won't fix anything, but it will normally find the most infected files, so its report gives us a good place to work from.
     
  9. Dunko9

    Dunko9 Thread Starter

    Joined:
    Apr 21, 2003
    Messages:
    320
    Kaspersky Online Scanner, it took over 2hrs then crashed! I won't do it again. :( (I could see no infection so far before it crashed!)

    So here is the HJT...

    Logfile of HijackThis v1.99.1
    Scan saved at 19:15:16, on 13/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5450.0004)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\KService\KService.exe
    C:\WINDOWS\system32\LckFldService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rmctrl.exe
    C:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\WINDOWS\system32\ltmsg.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zoom\CnxDslTb.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\kdx\KHost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    C:\Program Files\Rainlendar\Rainlendar.exe
    C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
    C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\SiteAdvisor\SiteAdv.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myfootballforum.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PlusNet Internet Explorer
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\ONSPEED\PBHelper.dll
    O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LostGoggles plug-in (web site preview snapshots - www.lostgoggles.com) - {6291957C-8CE9-4c90-BEFF-12D9E68CFF30} - C:\Program Files\LostGoggles\LGoggles.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\ONSPEED\components\NOWImaging.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
    O3 - Toolbar: ONSPEED - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - C:\Program Files\ONSPEED\Toolband.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
    O4 - HKLM\..\Run: [QOELOADER] "c:\Program Files\Qurb\QSP-3.0.311.7\QOELoader.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW LiveUpdate\Liveupdate.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Zoom\CnxDslTb.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
    O4 - HKCU\..\Run: [Pocket Pardew] C:\Documents and Settings\DunkoGeriSamanthaLeo\My Documents\Rippleffect\Pocket Pardew\pardew.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe -all
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
    O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
    O4 - Global Startup: Enable Wireless Optical Mouse Driver.lnk = C:\Program Files\Wireless Device\Wireless Mouse\MouseAp.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZS
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://portal.plus.net/
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123435248765
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://213.2.210.34//activex/AMC.cab
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712...amai.com/6712/player/install3.0/installer.exe
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5C4485-3DA9-4DDB-82FB-5E71C4DFFD5C}: NameServer = 212.159.6.9 212.159.6.10
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: Compingo License Service - Compingo - C:\Program Files\Common Files\Compingo Shared\Service\CompingoLicSvc.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
    O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
    O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    Uninstall List (HJT)...

    3D Groove Playback Engine
    3-IN-A-BED Version 5.2
    Ad-Aware SE Personal
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Photoshop CS
    Adobe Reader 7.0.8
    Adobe Reader Korean Fonts
    Adobe Shockwave Player
    Advanced Uninstaller PRO 2006 - version 7
    AVG Free Edition
    AXIS Media Control
    Boilsoft ASF Converter 2.01
    Brothers In Arms
    Brothers In Arms EiB
    Call of Duty
    Call of Duty(R) 2
    CCleaner (remove only)
    CCScore
    Client Activator 2.2 - English (2)
    Client Activator 2.2 - English (All)
    Clue
    CM 03-04
    Convert
    CR2
    Crazy Taxi
    Create Your Own Greeting Cards
    CueClub
    Desktop Sidebar
    DirectX Media Runtime 5.1
    Disney's Princess Fashion Boutique
    Disney's Snow White
    EAX Unified
    EPSON PhotoQuicker3.2
    EPSON Printer Software
    EPSON SMART PANEL for Scanner
    EPSON TWAIN 5
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESShelp
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    essvcpt
    Finding Nemo
    FLV Player 1.3.3
    Folder Access 2.0.0 Free Version
    FontPage 3.0.0
    Football Manager 2006
    Fraps
    FW LiveUpdate
    GameSpy Arcade
    Google Earth
    Google Toolbar for Internet Explorer
    Guess Who
    Half-Life: Counter-Strike
    Harry Potter TM
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hijackthis 1.99.1
    HijackThis 1.99.1
    HLPPDOCK
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    iPod for Windows 2005-09-23
    iPod for Windows 2006-01-10
    iTunes
    iTunes
    J2SE Runtime Environment 5.0 Update 7
    Jasc Paint Shop Pro 8
    Kaspersky Online Scanner
    kgcbase
    Kodak EasyShare software
    KSU
    Lara Croft Tomb Raider: The Angel Of Darkness
    LMA Professional Manager 2005
    LostGoggles 1.0b2
    Lucent Win Modem
    Macromedia Fireworks MX 2004
    Macromedia Flash MX 2004
    Macromedia Flash Player 8
    Magic Speed
    McAfee SiteAdvisor for Internet Explorer
    Microangelo 5.5
    Microsoft File Transfer Manager
    Microsoft "Indigo" Beta 2
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0 Beta 2
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Calculator Plus
    Microsoft Data Access Components KB870669
    Microsoft Office Converter Pack
    Microsoft Office XP Professional with FrontPage
    Microsoft Windows Application Compatibility Database
    Mobile Media Maker (Nokia) DEMO 1.2
    Monopoly
    Monopoly Junior
    Monopoly Tycoon
    Morph Man v.4
    MSN Messenger 7.5
    MSN Screen Saver (Beta)
    MSXML 6.0 Parser and SDK
    Nero Suite
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Notifier
    NVIDIA Drivers
    NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
    OfotoXMI
    On2 VP3 Video for Windows Codec
    ONSPEED
    OTtBP
    OTtBPSDK
    Pacific Gunner
    PC Suite for Nokia 9210i Communicator
    Player Manager 2003
    PowerDVD
    QuickTime
    QuickTime
    Qurb
    Rainlendar (remove only)
    Real Alternative 1.46
    RealPlayer
    Registry First Aid
    SafeCast Shared Components
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    SEMC DSS SyncStation Driver
    Serif WebPlus 7.0
    SFR
    SFR2
    SHASTA
    Shockwave
    SKIN0001
    SKINXSDK
    Sky by broadband
    SolSuite
    SpywareBlaster v3.5.1
    Star Wars Starfighter
    staticcr
    Steel Tide
    The Chronicles of Narnia
    Thrustmapper
    Tomb Raider - The Last Revelation
    Tomb Raider Chronicles
    Tomb Raider II
    Tomb Raider III
    Tomb Raider: Legend 1.0
    TrackMania Nations ESWC 0.1.7.5
    Ulead F/X for GIF Animator
    Ulead GIF Animation Collection I Personal Edition
    Ulead GIF Animator 5 ESD
    Ulead GIF-X.Plugin 2.0
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    User Profile Hive Cleanup Service
    Virtual Desktop Manager Powertoy for Windows XP
    VPRINTOL
    Windows Defender
    Windows Defender Signatures
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7 Beta 3
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows Presentation Foundation September CTP v6.0.5215.50818
    Windows Support Tools
    Windows Workflow Foundation
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884883
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB885932
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinFX Runtime Components 3.0 Beta 2
    WinFX Runtime Components 3.0 Beta 2
    WinRAR archiver
    WIRELESS
    Wireless Keyboard and Optical Mouse
    WordWeb
    Zoom USB ADSL WAN Adapter



    Hope it helps?
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    as I said
    I can't see any obvious signs of any malware

    if Kaspersky didn't find anything then it is likely that it isn't malware causing the problem but something else so I will move this to XP forum where the XP experts can look at it & advise you
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    I am guessing at this being the cause
    Virtual Desktop Manager Powertoy for Windows XP

    but that is only because I have seen a couple of other reports on google with similar symptoms & uninstalling it cured the problem

    It might work in your case it might not
     
  12. ozrom1e

    ozrom1e

    Joined:
    May 15, 2006
    Messages:
    11,849
    Excuse me for sort of butting in but I have a question on one of the lines in the HJT log file. If I may ask:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5C4485-3DA9-4DDB-82FB-5E71C4DFFD5C}: NameServer = 212.159.6.9 212.159.6.10

    Is not this a Hijacked line? I wonder what and where I would go to do a tracert on either of the addresses in here?

    Like I said I am just asking out of curiosity.
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
    that is a plusnet DNS server address so corresponds OK

    to check out use samspade
    http://www.samspade.org/
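
The check discussed in the two posts above (do the O17 NameServer addresses match the resolvers the user's ISP hands out?), as an added example that is not part of the original thread. The first O17 line is the one from the log; the second O17 line, the function names and the `expected` list passed by the caller are constructed for illustration, and the code also accepts comma-separated values in addition to the space-separated form seen in this log.

```python
import ipaddress
import re

# Constructed sample. The O16 line and the first O17 line are copied from the
# log in this thread; the second O17 line is invented (RFC 1918 and RFC 5737
# addresses) to show the "local" and "unexpected" verdicts.
SAMPLE_LOG = r"""
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://213.2.210.34//activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC5C4485-3DA9-4DDB-82FB-5E71C4DFFD5C}: NameServer = 212.159.6.9 212.159.6.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1,203.0.113.53
"""

# Only O17 lines are matched, so IP addresses elsewhere in the log (such as
# the O16 download URL) are never mistaken for resolvers.
O17_RE = re.compile(r"^\s*O17 - (?P<key>.+?): NameServer\s*=\s*(?P<value>.*)$")

# Home routers often act as the resolver, so RFC 1918 space is reported
# separately from addresses that are simply not on the expected list.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def nameserver_entries(log_text):
    """Yield (registry_key, [addresses]) for every O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line)
        if m:
            tokens = re.split(r"[,\s]+", m.group("value").strip())
            yield m.group("key"), [t for t in tokens if t]


def review_nameservers(log_text, expected):
    """Return (key, address, verdict) for each resolver in the log.

    expected: resolver addresses the analyst has confirmed for this user's
    ISP or network (an assumption supplied by the caller).
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, addresses in nameserver_entries(log_text):
        for raw in addresses:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                verdict = "malformed"
            else:
                if ip in allowed:
                    verdict = "expected"
                elif any(ip in net for net in RFC1918):
                    verdict = "local"
                else:
                    verdict = "unexpected"
            findings.append((key, raw, verdict))
    return findings


if __name__ == "__main__":
    # The two addresses identified in the thread as the ISP's DNS servers.
    for key, addr, verdict in review_nameservers(
            SAMPLE_LOG, ["212.159.6.9", "212.159.6.10"]):
        print(f"{verdict:10} {addr:15} {key}")
```

An "unexpected" verdict only means the address is not on the list supplied; ownership still has to be confirmed with a whois lookup before the entry is treated as a hijack.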
     
  14. Dunko9

    Dunko9 Thread Starter

    Joined:
    Apr 21, 2003
    Messages:
    320
    I have got rid of Virtual Desktop Manager, then tried again, but it's the same thing!

    I have emailed Microsoft about the IE7 Google problem.
     
  15. Dunko9

    Dunko9 Thread Starter

    Joined:
    Apr 21, 2003
    Messages:
    320
    It's still the same problems.

    Anyone?:(

    I don't like the Taskbar freeze/pause:( , this makes me angry.:mad: Every time I turn on my PC, it's always once: I click a program on Quick Launch, then it freezes/pauses for 1-2 mins, then it comes up. Why is that? It must be something wrong with the Taskbar. Any idea for a repair on the Taskbar?:(

    Please please anyone help me.:(
     

Short URL to this thread: https://techguy.org/487753
