
Computer is freezing


  • This topic is locked

#31
pcnoob

  • Member
  • 118 posts
Hi and thank you. My computer has been crashing, and when I move the mouse it looks weird, like it's skipping.

Logfile of HijackThis v1.99.1
Scan saved at 4:07:32 PM, on 1/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msncall.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\home pc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


#32
JSntgRvr

  • Global Moderator
  • 10,411 posts
Hi, pcnoob :whistling:

Download the enclosed file:
Save and extract its contents to the desktop. It is a folder containing a batch file, TempDir.bat. Once extracted, open the folder and double click on the TempDir.bat file. A new document will be produced. Copy and paste its contents in a reply.

Download ComboFix from Here or Here to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post the reports in the reply window. Do not attach them, even if you need to split the reports into two replies.

#33
pcnoob

  • Member
  • 118 posts
"home pc" - 07-01-28 16:44:41 Service Pack 1
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\home pc\Desktop"

ERROR !!! /wow section not completed

((((((((((((((((((((((((((((((( Files Created from 2006-12-28 to 2007-01-28 ))))))))))))))))))))))))))))))))))


2007-01-26 15:56 <DIR> d-------- C:\Program Files\illiminable
2007-01-26 15:56 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Yahoo
2007-01-26 15:55 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-01-26 06:54 <DIR> d-------- C:\Program Files\MSN Messenger
2007-01-25 10:41 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-01-25 10:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-01-24 23:21 <DIR> dr-h----- C:\DOCUME~1\HOMEPC~1\Application Data\yahoo!
2007-01-24 23:05 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\yahoo!
2007-01-15 19:38 <DIR> d-------- C:\!KillBox
2007-01-13 14:10 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-01-13 13:24 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-11 15:21 <DIR> d-------- C:\Program Files\uTorrent
2007-01-11 15:21 <DIR> d-------- C:\DOCUME~1\HOMEPC~1\Application Data\uTorrent
2007-01-03 15:27 <DIR> d-------- C:\DOCUME~1\HOMEPC~1\Application Data\Skype
2007-01-03 15:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Skype


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-28 16:37 -------- d-------- C:\Program Files\mozilla firefox
2007-01-27 13:58 -------- d-------- C:\Program Files\yahoo!
2007-01-17 17:30 -------- d-------- C:\Program Files\soldier of fortune ii - double helix
2007-01-17 16:51 -------- d-------- C:\Program Files\apple software update
2007-01-03 10:21 -------- d-------- C:\Program Files\google
2006-12-16 19:30 -------- d-------- C:\Program Files\trend micro


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"WinPatrol"="C:\\PROGRA~1\\BILLPS~1\\WINPAT~1\\winpatrol.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0


Completion time: 07-01-28 16:45:17
C:\ComboFix2.txt ... 07-01-14 19:06
C:\ComboFix3.txt ... 07-01-14 19:01





Volume in drive C has no label.
Volume Serial Number is B044-6DD3

Directory of C:\Documents and Settings\home pc\Local Settings\Temp

01/21/2007 06:36 PM 2,649 ~a195209fd38f1c72609b6654600.jpg
01/21/2007 06:36 PM 21 ~a6c691732a3e1c725ea9c683b00.jpd
01/21/2007 06:36 PM 1,966 ~a6c691732a3e1c725ea9c683b00.jpg
01/21/2007 06:36 PM 21 ~a7579cd1a2a61c7381befb16000.jpd
01/21/2007 06:36 PM 2,893 ~a7579cd1a2a61c7381befb16000.jpg
01/21/2007 06:36 PM 21 ~aa72ac2f431c733411e719700.jpd
01/21/2007 06:36 PM 651 ~aa72ac2f431c733411e719700.jpg
01/21/2007 06:36 PM 21 ~adebf634acb21c71f33a5467600.jpd
01/21/2007 06:36 PM 2,070 ~adebf634acb21c71f33a5467600.jpg
01/21/2007 06:36 PM 21 ~aec60cbdd5c091c718c9860f6f00.jpd
01/21/2007 06:36 PM 2,812 ~aec60cbdd5c091c718c9860f6f00.jpg
01/21/2007 06:36 PM 21 ~b0ddd380153691c725e7768d6700.jpd
01/21/2007 06:36 PM 1,930 ~b0ddd380153691c725e7768d6700.jpg
01/21/2007 06:36 PM 21 ~b36e61d323e161c737eed2b26800.jpd
01/21/2007 06:36 PM 1,453 ~b36e61d323e161c737eed2b26800.jpg
01/21/2007 06:36 PM 21 ~b475828429c501c7200662a19e00.jpd
01/21/2007 06:36 PM 2,087 ~b475828429c501c7200662a19e00.jpg
01/21/2007 06:36 PM 21 ~b7b4606a41f6d1c71fc820596c00.jpd
01/21/2007 06:36 PM 3,304 ~b7b4606a41f6d1c71fc820596c00.jpg
01/21/2007 06:36 PM 21 ~b898414114ac1c73a8c589f0f00.jpd
01/21/2007 06:36 PM 2,585 ~b898414114ac1c73a8c589f0f00.jpg
01/21/2007 06:36 PM 21 ~b95a52c214f41c71fd572ed5500.jpd
01/21/2007 06:36 PM 2,971 ~b95a52c214f41c71fd572ed5500.jpg
01/21/2007 06:36 PM 21 ~b97113d095861c72dd0c5e64b00.jpd
01/21/2007 06:36 PM 939 ~b97113d095861c72dd0c5e64b00.jpg
01/21/2007 06:36 PM 21 ~bca18852418421c723b49852d800.jpd
01/21/2007 06:36 PM 1,604 ~bca18852418421c723b49852d800.jpg
01/21/2007 06:36 PM 21 ~bd1ed5fc41f2f1c71fbea8d30f00.jpd
01/21/2007 06:36 PM 3,305 ~bd1ed5fc41f2f1c71fbea8d30f00.jpg
01/21/2007 06:36 PM 21 ~bdebe02379d81c71fd5c2cc1c00.jpd
01/21/2007 06:36 PM 1,641 ~bdebe02379d81c71fd5c2cc1c00.jpg
01/21/2007 06:36 PM 21 ~bec94572193871c71e48db82900.jpd
01/21/2007 06:36 PM 1,542 ~bec94572193871c71e48db82900.jpg
01/21/2007 06:36 PM 21 ~c395010d2400361c73a8d25a94b00.jpd
01/21/2007 06:36 PM 2,178 ~c395010d2400361c73a8d25a94b00.jpg
01/21/2007 06:36 PM 21 ~c5665e5c62bf1c726112fb46700.jpd
01/21/2007 06:36 PM 2,720 ~c5665e5c62bf1c726112fb46700.jpg
01/21/2007 06:36 PM 21 ~c8cd14281ff801c72606b44db800.jpd
01/21/2007 06:36 PM 1,847 ~c8cd14281ff801c72606b44db800.jpg
01/21/2007 06:36 PM 21 ~c8fce79411cf1c73b8acaf61900.jpd
01/21/2007 06:36 PM 2,419 ~c8fce79411cf1c73b8acaf61900.jpg
01/21/2007 06:36 PM 21 ~ca53652f38a21c706c2fb09000.jpd
01/21/2007 06:36 PM 1,663 ~ca53652f38a21c706c2fb09000.jpg
01/21/2007 06:36 PM 21 ~cbeb08f42a641c725ea1815b800.jpd
01/21/2007 06:36 PM 1,978 ~cbeb08f42a641c725ea1815b800.jpg
01/21/2007 06:36 PM 21 ~cbf445b47be1c707818cef0a00.jpd
01/21/2007 06:36 PM 2,147 ~cbf445b47be1c707818cef0a00.jpg
01/21/2007 06:36 PM 21 ~cc7aa6baef2f1c71436a907d200.jpd
01/21/2007 06:36 PM 1,700 ~cc7aa6baef2f1c71436a907d200.jpg
01/21/2007 06:36 PM 21 ~cce06e85fec61c73010dc7ae500.jpd
01/21/2007 06:36 PM 1,533 ~cce06e85fec61c73010dc7ae500.jpg
01/21/2007 06:36 PM 21 ~d2994f37d8d1c71e47f11bf100.jpd
01/21/2007 06:36 PM 871 ~d2994f37d8d1c71e47f11bf100.jpg
01/21/2007 06:36 PM 21 ~d2ec8b2e2749f1c71e48b55cf00.jpd
01/21/2007 06:36 PM 2,835 ~d2ec8b2e2749f1c71e48b55cf00.jpg
01/21/2007 06:36 PM 21 ~d430d022224b71c71e47faa55900.jpd
01/21/2007 06:36 PM 1,738 ~d430d022224b71c71e47faa55900.jpg
01/21/2007 06:36 PM 21 ~d45111fb9a5b1c711827cc42b00.jpd
01/21/2007 06:36 PM 2,467 ~d45111fb9a5b1c711827cc42b00.jpg
01/21/2007 06:36 PM 21 ~d735f1bca1331c734f221f85000.jpd
01/21/2007 06:36 PM 3,050 ~d735f1bca1331c734f221f85000.jpg
01/21/2007 06:36 PM 21 ~dd047834107c1c7333ca012f600.jpd
01/21/2007 06:36 PM 1,035 ~dd047834107c1c7333ca012f600.jpg
01/28/2007 07:54 AM 16,384 ~DF1427.tmp
01/27/2007 07:19 AM 16,384 ~DF184E.tmp
01/27/2007 10:01 AM 16,384 ~DF1B1D.tmp
01/27/2007 12:03 PM 16,384 ~DF1B51.tmp
01/26/2007 06:54 AM 16,384 ~DF27CD.tmp
01/27/2007 09:59 AM 16,744,448 ~DF3601.tmp
01/25/2007 05:22 PM 16,384 ~DF3641.tmp
01/28/2007 04:05 PM 360,448 ~DF379.tmp
01/28/2007 04:05 PM 512 ~DF395.tmp
01/26/2007 03:31 PM 16,384 ~DF4F07.tmp
01/27/2007 09:08 PM 16,384 ~DF54E2.tmp
01/26/2007 10:26 AM 16,384 ~DF7710.tmp
01/24/2007 11:17 PM 16,384 ~DF7CEC.tmp
01/26/2007 03:58 PM 16,384 ~DF82E.tmp
01/27/2007 09:22 AM 360,448 ~DF9430.tmp
01/27/2007 07:20 AM 32,768 ~DF943D.tmp
01/27/2007 09:22 AM 360,448 ~DF9C2E.tmp
01/27/2007 07:59 AM 16,384 ~DF9C3B.tmp
01/26/2007 04:41 PM 16,744,448 ~DF9D86.tmp
01/28/2007 02:49 PM 16,384 ~DFA9A1.tmp
01/27/2007 11:40 AM 360,448 ~DFB1E5.tmp
01/27/2007 11:40 AM 49,152 ~DFB1F2.tmp
01/27/2007 11:40 AM 360,448 ~DFC021.tmp
01/27/2007 11:40 AM 49,152 ~DFC284.tmp
01/26/2007 04:02 PM 8,585,216 ~DFC62E.tmp
01/27/2007 08:22 AM 10,747,904 ~DFE711.tmp
01/25/2007 10:40 AM 16,384 ~DFEACB.tmp
01/26/2007 10:09 AM 16,384 ~DFF01C.tmp
01/25/2007 10:08 AM 16,384 ~DFF329.tmp
01/26/2007 10:58 AM 16,384 ~DFF6A2.tmp
01/27/2007 12:02 PM 6,930,432 ~DFF6DD.tmp
01/28/2007 03:16 PM 16,384 ~DFF965.tmp
01/28/2007 04:05 PM 360,448 ~DFFB87.tmp
01/28/2007 04:05 PM 32,768 ~DFFB9A.tmp
01/27/2007 03:15 PM 16,384 ~DFFDFC.tmp
01/21/2007 06:36 PM 21 ~e191f0cf2400361c73a9982aafe00.jpd
01/21/2007 06:36 PM 2,828 ~e191f0cf2400361c73a9982aafe00.jpg
01/21/2007 06:36 PM 21 ~e43ebf31158581c7224fbdad500.jpd
01/21/2007 06:36 PM 1,994 ~e43ebf31158581c7224fbdad500.jpg
01/21/2007 06:36 PM 21 ~e520bd922ec891c717f0d4047400.jpd
01/21/2007 06:36 PM 2,694 ~e520bd922ec891c717f0d4047400.jpg
01/21/2007 06:36 PM 21 ~e5c68791112c1c7333ce0727400.jpd
01/21/2007 06:36 PM 2,357 ~e5c68791112c1c7333ce0727400.jpg
01/21/2007 06:36 PM 21 ~e608965f2400361c7310747a6e300.jpd
01/21/2007 06:36 PM 2,438 ~e608965f2400361c7310747a6e300.jpg
01/21/2007 06:36 PM 21 ~e66d103fa121c71cd3792cba00.jpd
01/21/2007 06:36 PM 2,200 ~e66d103fa121c71cd3792cba00.jpg
01/21/2007 06:36 PM 21 ~e6d99f0f1dcc91c71f34c491d300.jpd
01/21/2007 06:36 PM 1,862 ~e6d99f0f1dcc91c71f34c491d300.jpg
01/21/2007 06:36 PM 21 ~e728730d68dc81c725e7a177bb00.jpd
01/21/2007 06:36 PM 3,036 ~e728730d68dc81c725e7a177bb00.jpg
01/21/2007 06:36 PM 21 ~e872acf6202f61c7143661814600.jpd
01/21/2007 06:36 PM 2,767 ~e872acf6202f61c7143661814600.jpg
01/21/2007 06:36 PM 21 ~e9dceb9f37ef41c710dd1df8a600.jpd
01/21/2007 06:36 PM 2,352 ~e9dceb9f37ef41c710dd1df8a600.jpg
01/21/2007 06:36 PM 21 ~eb1fc789b3ab1c712ae64512f00.jpd
01/21/2007 06:36 PM 1,677 ~eb1fc789b3ab1c712ae64512f00.jpg
01/21/2007 06:36 PM 21 ~ec79a932d747e1c72adf81606400.jpd
01/21/2007 06:36 PM 2,786 ~ec79a932d747e1c72adf81606400.jpg
01/21/2007 06:36 PM 21 ~ede487131db41c71fd629513a00.jpd
01/21/2007 06:36 PM 1,462 ~ede487131db41c71fd629513a00.jpg
01/21/2007 06:36 PM 21 ~efcbf06f20361c70dd667dc4600.jpd
01/21/2007 06:36 PM 1,430 ~efcbf06f20361c70dd667dc4600.jpg
01/21/2007 06:36 PM 21 ~f3390c4af73681c72dcb88cb8a00.jpd
01/21/2007 06:36 PM 3,224 ~f3390c4af73681c72dcb88cb8a00.jpg
01/21/2007 06:36 PM 21 ~f44d6aad90371c7305c279a700.jpd
01/21/2007 06:36 PM 1,638 ~f44d6aad90371c7305c279a700.jpg
01/21/2007 06:36 PM 21 ~f505804a6e9641c7300d8f494400.jpd
01/21/2007 06:36 PM 2,987 ~f505804a6e9641c7300d8f494400.jpg
01/21/2007 06:36 PM 21 ~f6b475d427b91c71fd69369df00.jpd
01/21/2007 06:36 PM 1,455 ~f6b475d427b91c71fd69369df00.jpg
01/21/2007 06:36 PM 21 ~fad0411321bd61c7300e5eb5da00.jpd
01/21/2007 06:36 PM 3,182 ~fad0411321bd61c7300e5eb5da00.jpg
01/21/2007 06:36 PM 21 ~fb0282763e9921c72007aba62200.jpd
01/21/2007 06:36 PM 2,403 ~fb0282763e9921c72007aba62200.jpg
01/21/2007 06:36 PM 21 ~fd99e6bab9db1c71e5895a62f00.jpd
01/21/2007 06:36 PM 1,841 ~fd99e6bab9db1c71e5895a62f00.jpg
01/21/2007 06:36 PM 21 ~fe7cf3792add1c71f34bb086b00.jpd
01/21/2007 06:36 PM 1,293 ~fe7cf3792add1c71f34bb086b00.jpg
01/21/2007 06:36 PM 21 ~ff802b88f3c1c72d0436736600.jpd
01/21/2007 06:36 PM 2,713 ~ff802b88f3c1c72d0436736600.jpg
01/17/2007 06:01 PM <DIR> ~nsu.tmp
719 File(s) 69,823,118 bytes
11 Dir(s) 68,856,942,592 bytes free





Logfile of HijackThis v1.99.1
Scan saved at 4:50:16 PM, on 1/28/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\home pc\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

#34
JSntgRvr

    Global Moderator

  • 10,411 posts
Hi, pcnoob

Download the enclosed file. Save and extract its contents to the desktop. It is a folder containing a Batch File, DelTemp.bat. Double-click on the Deltemp.bat file. The MSDOS window will flash for a second. That is normal.

Restart the computer.

Run the TempDir.bat once again and post the results in your next reply.

Create a Startup List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"

    List also minor sections (full)
    List empty sections (complete)

  • Click on the button "Generate StartupList log"
  • Save the log where you will remember
  • Copy and paste the StartupList from the notepad into your next post
If the log is too long, please create a folder. Label that folder Startuplist. Save the startup list report in the newly created folder. Right-click on the newly created folder and select Send to -> Compressed folder. That will create a .zip folder. Attach the .zip folder to a reply. (The TempDir.bat log can also be included in the newly created folder, then compress the folder)

#35
JSntgRvr

    Global Moderator

  • 10,411 posts
Hi, pcnoob

Here is the Deltemp.zip folder:

#36
pcnoob

    Member

  • 118 posts
I didn't see a log appear when I ran the deltemp.zip thing, unless it was put somewhere. I looked in Program Files but didn't see anything.

StartupList report, 1/28/2007, 7:23:54 PM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\home pc\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Documents and Settings\home pc\Desktop\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\home pc\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
WinPatrol = C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\sstext3d.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\System32\LegitCheckControl.DLL
CODEBASE = http://go.microsoft....k/?linkid=39204

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://by108fd.bay10...es/MsnPUpld.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://cdn2.zone.msn...ro.cab34246.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macr...ash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
Ati HotKey Poller: %SystemRoot%\System32\Ati2evxx.exe (autostart)
ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart)
ati2mtag: System32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (autostart)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
KTalk: \??\C:\DOCUME~1\HOMEPC~1\LOCALS~1\Temp\ktalk.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nvatabus: System32\DRIVERS\nvatabus.sys (system)
Service for NVIDIA® nForce™ Audio Enumerator: system32\drivers\nvax.sys (manual start)
NVIDIA nForce Networking Controller Driver: System32\DRIVERS\NVENETFD.sys (manual start)
NVIDIA Network Bus Enumerator: System32\DRIVERS\nvnetbus.sys (manual start)
Service for NVIDIA® nForce™ Audio: system32\drivers\nvapu.sys (manual start)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{2752E9E4-07E9-4C0C-8C9F-CC5B4627FE47} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Telnet: C:\WINDOWS\System32\tlntsvr.exe (disabled)
tmcomm: \??\C:\WINDOWS\System32\drivers\tmcomm.sys (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (disabled)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\System32\svchost.exe -k usnsvc (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 31,544 bytes
Report generated in 0.094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#37
JSntgRvr

  • Global Moderator
  • 10,411 posts

I didn't see a log appear when I ran the deltemp.zip thing unless it was put somewhere. I looked in Program Files but didn't see anything.

The deltemp.bat won't produce a log. It will delete the Temp files and folders from the computer. The TempDir.bat will. This is the file you ran prior to the Deltemp.bat file. Run this file and post the report. I will be reviewing the log.

Edited by JSntgRvr, 28 January 2007 - 08:38 PM.

  • 0

#38
JSntgRvr

  • Global Moderator
  • 10,411 posts
Hi, pcnoob :whistling:

Go to Start->Run, type CMD and click Ok. The MSDOS window will be displayed. At the prompt type the following and press Enter after each line:

SC Stop KTalk
SC Delete KTalk
Exit


Let me see the TempDir.bat report.
  • 0
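The service stopped and deleted in this post is the one the HijackThis listing earlier in the thread shows loading a driver from the user's Temp folder. As an added example that is not part of the original posts, the Python below runs that triage check over service lines copied from that log; the function names, the two heuristics and the `C:\WINDOWS` install path are assumptions of this example.

```python
import re

# Lines copied from the HijackThis service listing posted earlier in this thread.
SAMPLE_LOG = r"""
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
KTalk: \??\C:\DOCUME~1\HOMEPC~1\LOCALS~1\Temp\ktalk.sys (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
tmcomm: \??\C:\WINDOWS\System32\drivers\tmcomm.sys (autostart)
"""

# "Display name: image path [arguments] (start type)"
ENTRY = re.compile(r"^(?P<name>.+?): (?P<image>.+) \((?P<start>[^()]+)\)$")
WINDIR = r"c:\windows"  # assumption: Windows directory as seen in this log
DRIVER_DIR = WINDIR + r"\system32\drivers"


def image_path(image):
    """Return the lower-cased absolute file path, without arguments."""
    image = image.strip()
    if image.startswith('"'):
        path = image[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.(?:sys|exe|dll))(?=\s|$)", image, re.I)
        path = m.group(1) if m else image.split()[0]
    path = path.lower()
    if path.startswith("\\??\\"):            # NT object-manager prefix
        path = path[4:]
    if path.startswith("%systemroot%"):
        path = WINDIR + path[len("%systemroot%"):]
    elif path.startswith("\\systemroot\\"):
        path = WINDIR + path[len("\\systemroot"):]
    elif not re.match(r"[a-z]:\\", path):    # relative to the Windows directory
        path = WINDIR + "\\" + path
    return path


def triage(log_text):
    """Return (name, start type, path, reasons) for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = image_path(m["image"])
        folder, _, filename = path.rpartition("\\")
        reasons = []
        if "temp" in folder.split("\\"):
            reasons.append("image under a Temp directory")
        if filename.endswith(".sys") and folder != DRIVER_DIR:
            reasons.append("kernel driver outside System32\\drivers")
        if reasons:
            findings.append((m["name"], m["start"], path, reasons))
    return findings


if __name__ == "__main__":
    for name, start, path, reasons in triage(SAMPLE_LOG):
        print(f"{name} [{start}] {path}: {'; '.join(reasons)}")
```

The `\??\` prefix on its own is not the signal: `tmcomm` carries it too but resolves to the normal driver directory, so only `KTalk` is reported.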

#39
pcnoob

  • Member
  • 118 posts
OK, I did the commands you asked and here is a report. I'm not sure if it's what you wanted.

Volume in drive C has no label.
Volume Serial Number is B044-6DD3

Directory of C:\Documents and Settings\home pc\Local Settings\Temp

01/29/2007 01:42 PM <DIR> .
01/29/2007 01:42 PM <DIR> ..
01/29/2007 06:35 AM 17,253 hpodvd09.log
01/29/2007 01:33 PM <DIR> MessengerCache
01/29/2007 01:42 PM <DIR> Temporary Directory 1 for TempDir.zip
01/29/2007 01:26 PM 360,448 ~DF376.tmp
01/29/2007 07:15 AM 49,152 ~DF383.tmp
01/29/2007 01:26 PM 360,448 ~DFB7D.tmp
01/29/2007 08:07 AM 32,768 ~DFB8A.tmp
5 File(s) 820,069 bytes
4 Dir(s) 70,280,065,024 bytes free

Edited by pcnoob, 29 January 2007 - 02:43 PM.

  • 0

#40
JSntgRvr

  • Global Moderator
  • 10,411 posts
Hi, pcnoob :whistling:

Yes, that was the report. Any improvement after these steps?
  • 0

#41
pcnoob

  • Member
  • 118 posts
It's still a little sluggish but it hasn't crashed. Were all my files OK? I saw some things in there, I didn't know what they were but can't find them now, but if you say they're clean I'll take your word for it lol
  • 0

#42
JSntgRvr

  • Global Moderator
  • 10,411 posts
Hi, pcnoob :whistling:

We deleted 714 files from your temp folder, and a Service. The files I see now in the TEMP folder are harmless. I would like to scan your computer for a rootkit.

Please download gmer rootkit detector from any of the following links:

Link 1
Link 2
Link 3
  • Unzip it and double click the gmer.exe file
  • Select rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Press scan
  • When it has finished press save & post back the log it makes
  • Repeat the process with the Autostarts tab and do the same there

  • 0

#43
pcnoob

  • Member
  • 118 posts
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-29 16:40:55
Windows 5.1.2600 Service Pack 1


---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
.text ntdll.dll!NtClose 77F758AA 5 Bytes JMP 72033FAA
.text ntdll.dll!NtCreateProcess 77F759F4 5 Bytes JMP 72034135
.text ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes JMP 72034019
.text ntdll.dll!NtCreateSection 77F75A21 5 Bytes JMP 72033FC8

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\MSN Messenger\msnmsgr.exe[1988] kernel32.dll!SetUnhandledExceptionFilter 77E7E5A1 9 Bytes JMP 004E12D0 C:\Program Files\MSN Messenger\msnmsgr.exe

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F1EDA85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1EDA85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1EDA85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F1EDA85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F1EDA85A] avgtdi.sys

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
ADS C:\Documents and Settings\home pc\eula.txt:SummaryInformation
ADS C:\Documents and Settings\home pc\eula.txt:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
ADS C:\Documents and Settings\home pc\Local Settings\Application Data\Microsoft\Messenger\cgordon703@comcast.net\SharingMetadata\ambeerhaze@hotmail.com\DFSR\Staging\CS{AF8719AD-0324-C281-9A0B-FDD159EC6A19}\01\12-{AF8719AD-0324-C281-9A0B-FDD159EC6A19}-v1-{294A9623-0D4F-4BB7-9A4F-EBF9034637D3}-v12-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\home pc\Local Settings\Application Data\Microsoft\Messenger\cgordon703@comcast.net\SharingMetadata\whostevec@hotmail.com\DFSR\Staging\CS{F04A6D5E-0E02-8AAB-6BB0-12F2414077D5}\01\10-{F04A6D5E-0E02-8AAB-6BB0-12F2414077D5}-v1-{294A9623-0D4F-4BB7-9A4F-EBF9034637D3}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\System Volume Information\_restore{954D5876-DF11-49B2-A4A0-62261744C8D2}\RP52\A0011481.exe:{3DFDFAEB-26F1-D920-71FC-A330510C706A}
ADS C:\System Volume Information\_restore{954D5876-DF11-49B2-A4A0-62261744C8D2}\RP54\A0011730.exe:{3DFDFAEB-26F1-D920-71FC-A330510C706A}
ADS C:\System Volume Information\_restore{954D5876-DF11-49B2-A4A0-62261744C8D2}\RP55\A0012807.exe:{3DFDFAEB-26F1-D920-71FC-A330510C706A}
ADS C:\System Volume Information\_restore{954D5876-DF11-49B2-A4A0-62261744C8D2}\RP56\A0012851.exe:{3DFDFAEB-26F1-D920-71FC-A330510C706A}
ADS C:\System Volume Information\_restore{954D5876-DF11-49B2-A4A0-62261744C8D2}\RP56\A0012906.exe:{3DFDFAEB-26F1-D920-71FC-A330510C706A}
ADS C:\System Volume Information\_restore{954D5876-DF11-49B2-A4A0-62261744C8D2}\RP60\A0013296.exe:{3DFDFAEB-26F1-D920-71FC-A330510C706A}

---- EOF - GMER 1.0.12 ----





GMER 1.0.12.12011 - http://www.gmer.net
Autostart scan 2007-01-29 16:42:06
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
ATI Smart /*ATI Smart*/@ = C:\WINDOWS\system32\ati2sgag.exe
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVGEMS /*AVG E-mail Scanner*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ATIPTAC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
@WinPatrolC:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe = C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\System32\wuaueng.dll = C:\WINDOWS\System32\wuaueng.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} /*TrojanHunter Menu Shell Extension*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/(null) =
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\PROGRA~1\Yahoo!\Common\ymmapi.dll = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll = C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\sstext3d.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft...p...&ar=msnhome
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = HP Digital Imaging Monitor.lnk

---- EOF - GMER 1.0.12 ----
  • 0

#44
JSntgRvr

  • Global Moderator
  • 10,411 posts
Hi, pcnoob :whistling:

The report is negative. Check your Device Manager for conflicts. Use another mouse, as it could also be due to hardware.
  • 0

#45
JSntgRvr

  • Global Moderator
  • 10,411 posts
Assuming the issue has been resolved, this topic has been closed.

If you need this topic reopened, please contact a staff member with the address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

