Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP! Need Help With HiJackThis Log [CLOSED]


  • This topic is locked This topic is locked

#1
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Member
  • PipPip
  • 35 posts
My internet is lagging big time. Theres days where my internet wont start but on my other comp it does. I can be runnning a chat server but I cant go on the internet. I am using Firefox too.

Please check and see if there is something odd here.

Logfile of HijackThis v1.99.1
Scan saved at 10:30:38 AM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\victor ceniceros\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.phoenix.a..._j2re.cab?cache
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O18 - Protocol: bw+0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please do not post duplicate topics. You have to be a little more patient here. We are all volunteers here and try to get to all the users who need our help as soon as we can...I closed your other topic.

Try uninstalling the Cox security program. Not 100% sure about this, but I have seen too many cases where it's the cause of the problem.

Then I want you to run a HijackThis scan. Check and fix ALL those O18 entries for Logitech, except for the first line (see below). Leave that line unchecked:

O18 - Protocol: bw+0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

  • 0

#3
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
thank you for helping and sorry for two of the same post.

here is my new log


Logfile of HijackThis v1.99.1
Scan saved at 3:51:10 PM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\victor ceniceros\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.phoenix.a..._j2re.cab?cache
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O18 - Protocol: bw+0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
How is it running now?

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#5
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Well I am getting a little lag when I am gaming still. I have no idea what it can be. the older computer is hooked up to the same router and it has no lag gaming. Here is a new log.

Thanks gor the help

Logfile of HijackThis v1.99.1
Scan saved at 11:53:48 PM, on 10/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\victor ceniceros\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.phoenix.a..._j2re.cab?cache
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O18 - Protocol: bw+0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Did you install or change anything before this lagging problem?

OK, try this out:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
o You will need to step through the process of cleaning files one-by-one.
o If Ewido detects a file you KNOW to be legitimate, select none as the action.
o Do NOT select 'Perform action on all infections'
o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Restart your computer. Post the logs for HijackThis and Ewido.
  • 0

#7
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
The only thing I can think of is installing AIM. But the other comp runs good with it too and I install AIM in the same time.

Before I start these new procedures, what does Ewido Sercurity Suite do? Do I really need it? Is there any free ones? I know theres a trail for that one. I thought AVG was the same kind of software, is it?
  • 0

#8
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I went head and installed it anyways. Here are my logs now.

First, HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:14 PM, on 10/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Documents and Settings\victor ceniceros\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {12F9CCA0-CF5B-11D2-B606-008098809FCA} - http://www.phoenix.a..._j2re.cab?cache
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} - https://echat.us.del...t/TLIEFlash.CAB
O18 - Protocol: bw+0 - {9B9E0AF6-9A0C-4303-A8B8-2D7F7A345595} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Second, EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:46:08 PM, 10/2/2005
+ Report-Checksum: BA4C59

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
:mozilla.13:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.48:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.80:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.81:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.82:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.83:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.115:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.116:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.117:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.118:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.119:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.164:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.165:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.166:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.206:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.207:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.208:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.243:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.244:C:\Documents and Settings\victor ceniceros\Application Data\Mozilla\Firefox\Profiles\3sw5r1wr.vic\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End


Now that I have scanned everything and if there is no problems, do I turn on the realtime protection?
  • 0

#9
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Ewido is a virus/trojan scanner like AVG but it works differently (detects different things...) so keep it if you wish. They are compatible with each other. Ewido has a 14 day trial, but keep it after that, on the 15th day, it will become the free version :tazz:

Real-Time protection? For what program? If it's for the antivirus or antispyware, then sure...enable that now.

Do you still get lags? If so, then give me these two logs also:

Right click on http://www.silentrun...ent Runners.vbs and choose Save As...Save it to your Desktop. Make sure you have disabled any programs that may block/disable scripts (ex: Ad-Watch, TeaTimer, Norton, etc.). Double click on 'Silent Runners' to run it. This will take a few minutes. It will create a file called 'Startup Programs' followed by your computer name and current date. Open up that file and post all the contents here in your next post.

Download StartDreck http://www.greyknigh.../StartDreck.zip

Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'

Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

  • 0

#10
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Yeah I still get a little lag but not as much as before. For the realtime protection was for the ewido program, do i turn it on?

Here are those logs:

"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"POINTER" = "point32.exe" [MS]
"ATIPTA" = "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" ["ATI Technologies, Inc."]
"ATICCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime" [null data]
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~4\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\dla\tfswshx.dll" ["Sonic Solutions"]
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\victor ceniceros\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\system32\LOGON.SCR" [MS]


Startup items in "victor ceniceros" & "All Users" startup folders:
------------------------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"ATI CATALYST System Tray" -> shortcut to: "C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe SystemTray" [null data]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\ = "Adobe PDF" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
IAA Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe" ["Intel Corporation"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Webroot Spy Sweeper Engine, svcWRSSSDK, "C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe" ["Webroot Software, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 35 seconds, including 11 seconds for message boxes)

Here is the other one:


StartDreck (build 2.1.7 public stable) - 2005-10-03 @ 15:40:04 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as victor ceniceros at VMI270311

»Registry
»Run Keys
»Current User
»Run
»RunOnce
»Default User
»Run
*AVG7_Run=C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
»RunOnce
»Local Machine
»Run
*CTSysVol=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
*POINTER=point32.exe
*ATIPTA=C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
*ATICCC="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
*SpySweeper="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
*AVG7_CC=C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
+Fax/{8b15971b-5355-4c82-8c07-7e181ea07608}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
»Browser Helper Objects (LM)
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.yahoo.com/
+SearchUrl
*provider=yaho
»Default User
*Default_Page_URL=http://www.dell4me.com/myway
*First Home Page=http://www.dell4me.com/myway
*Start Page=http://www.dell4me.com/myway
»Local Machine
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Bar=
*Search Page=http://ie.search.msn.com
*Start Page=http://www.yahoo.com
*CustomizeSearch=http://ie.search.msn.com
*SearchAssistant=http://ie.search.msn.com
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=userinit.exe
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\victor ceniceros\Start Menu\Programs\Startup\DESKTOP.INI
»Default User
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\WINDOWS\wininit.ini
`[Rename]
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`C:\WINDOWS\system32\dsktrf.dll=C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\WIN3F.tmp
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\CHCP.COM
*C:\WINDOWS\SYSTEM32\CHCP.COM
+C:\WINDOWS\system32\COMMAND.COM
*C:\WINDOWS\SYSTEM32\COMMAND.COM
+C:\WINDOWS\system32\DISKCOMP.COM
*C:\WINDOWS\SYSTEM32\DISKCOMP.COM
+C:\WINDOWS\system32\DISKCOPY.COM
*C:\WINDOWS\SYSTEM32\DISKCOPY.COM
+C:\WINDOWS\system32\EDIT.COM
*C:\WINDOWS\SYSTEM32\EDIT.COM
+C:\WINDOWS\system32\FORMAT.COM
*C:\WINDOWS\SYSTEM32\FORMAT.COM
+C:\WINDOWS\system32\GRAFTABL.COM
*C:\WINDOWS\SYSTEM32\GRAFTABL.COM
+C:\WINDOWS\system32\GRAPHICS.COM
*C:\WINDOWS\SYSTEM32\GRAPHICS.COM
+C:\WINDOWS\system32\KB16.COM
*C:\WINDOWS\SYSTEM32\KB16.COM
+C:\WINDOWS\system32\LOADFIX.COM
*C:\WINDOWS\SYSTEM32\LOADFIX.COM
+C:\WINDOWS\system32\MODE.COM
*C:\WINDOWS\SYSTEM32\MODE.COM
+C:\WINDOWS\system32\MORE.COM
*C:\WINDOWS\SYSTEM32\MORE.COM
+C:\WINDOWS\system32\TREE.COM
*C:\WINDOWS\SYSTEM32\TREE.COM
+C:\WINDOWS\system32\WIN.COM
*C:\WINDOWS\SYSTEM32\WIN.COM
+C:\WINDOWS\system32\ACCWIZ.EXE
*C:\WINDOWS\SYSTEM32\ACCWIZ.EXE
+C:\WINDOWS\system32\ACTMOVIE.EXE
*C:\WINDOWS\SYSTEM32\ACTMOVIE.EXE
+C:\WINDOWS\system32\AHUI.EXE
*C:\WINDOWS\SYSTEM32\AHUI.EXE
+C:\WINDOWS\system32\ALG.EXE
*C:\WINDOWS\SYSTEM32\ALG.EXE
+C:\WINDOWS\system32\APPEND.EXE
*C:\WINDOWS\SYSTEM32\APPEND.EXE
+C:\WINDOWS\system32\ARP.EXE
*C:\WINDOWS\SYSTEM32\ARP.EXE
+C:\WINDOWS\system32\asuninst.exe
*C:\WINDOWS\SYSTEM32\asuninst.exe
+C:\WINDOWS\system32\aswBoot.exe
*C:\WINDOWS\SYSTEM32\aswBoot.exe
+C:\WINDOWS\system32\AT.EXE
*C:\WINDOWS\SYSTEM32\AT.EXE
+C:\WINDOWS\system32\ati2evxx.exe
*C:\WINDOWS\SYSTEM32\ati2evxx.exe
+C:\WINDOWS\system32\Ati2mdxx.exe
*C:\WINDOWS\SYSTEM32\Ati2mdxx.exe
+C:\WINDOWS\system32\ati2sgag.exe
*C:\WINDOWS\SYSTEM32\ati2sgag.exe
+C:\WINDOWS\system32\ATMADM.EXE
*C:\WINDOWS\SYSTEM32\ATMADM.EXE
+C:\WINDOWS\system32\ATTRIB.EXE
*C:\WINDOWS\SYSTEM32\ATTRIB.EXE
+C:\WINDOWS\system32\AUDITUSR.EXE
*C:\WINDOWS\SYSTEM32\AUDITUSR.EXE
+C:\WINDOWS\system32\AUTOCHK.EXE
*C:\WINDOWS\SYSTEM32\AUTOCHK.EXE
+C:\WINDOWS\system32\AUTOCONV.EXE
*C:\WINDOWS\SYSTEM32\AUTOCONV.EXE
+C:\WINDOWS\system32\AUTOFMT.EXE
*C:\WINDOWS\SYSTEM32\AUTOFMT.EXE
+C:\WINDOWS\system32\AUTOLFN.EXE
*C:\WINDOWS\SYSTEM32\AUTOLFN.EXE
+C:\WINDOWS\system32\BLASTCLN.EXE
*C:\WINDOWS\SYSTEM32\BLASTCLN.EXE
+C:\WINDOWS\system32\BOOTOK.EXE
*C:\WINDOWS\SYSTEM32\BOOTOK.EXE
+C:\WINDOWS\system32\BOOTVRFY.EXE
*C:\WINDOWS\SYSTEM32\BOOTVRFY.EXE
+C:\WINDOWS\system32\CACLS.EXE
*C:\WINDOWS\SYSTEM32\CACLS.EXE
+C:\WINDOWS\system32\CALC.EXE
*C:\WINDOWS\SYSTEM32\CALC.EXE
+C:\WINDOWS\system32\CHARMAP.EXE
*C:\WINDOWS\SYSTEM32\CHARMAP.EXE
+C:\WINDOWS\system32\CHKDSK.EXE
*C:\WINDOWS\SYSTEM32\CHKDSK.EXE
+C:\WINDOWS\system32\CHKNTFS.EXE
*C:\WINDOWS\SYSTEM32\CHKNTFS.EXE
+C:\WINDOWS\system32\CIDAEMON.EXE
*C:\WINDOWS\SYSTEM32\CIDAEMON.EXE
+C:\WINDOWS\system32\CISVC.EXE
*C:\WINDOWS\SYSTEM32\CISVC.EXE
+C:\WINDOWS\system32\CKCNV.EXE
*C:\WINDOWS\SYSTEM32\CKCNV.EXE
+C:\WINDOWS\system32\CLEANMGR.EXE
*C:\WINDOWS\SYSTEM32\CLEANMGR.EXE
+C:\WINDOWS\system32\CLICONFG.EXE
*C:\WINDOWS\SYSTEM32\CLICONFG.EXE
+C:\WINDOWS\system32\CLIPBRD.EXE
*C:\WINDOWS\SYSTEM32\CLIPBRD.EXE
+C:\WINDOWS\system32\CLIPSRV.EXE
*C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
+C:\WINDOWS\system32\CMD.EXE
*C:\WINDOWS\SYSTEM32\CMD.EXE
+C:\WINDOWS\system32\CMDL32.EXE
*C:\WINDOWS\SYSTEM32\CMDL32.EXE
+C:\WINDOWS\system32\CMMON32.EXE
*C:\WINDOWS\SYSTEM32\CMMON32.EXE
+C:\WINDOWS\system32\CMSTP.EXE
*C:\WINDOWS\SYSTEM32\CMSTP.EXE
+C:\WINDOWS\system32\COMP.EXE
*C:\WINDOWS\SYSTEM32\COMP.EXE
+C:\WINDOWS\system32\COMPACT.EXE
*C:\WINDOWS\SYSTEM32\COMPACT.EXE
+C:\WINDOWS\system32\CONIME.EXE
*C:\WINDOWS\SYSTEM32\CONIME.EXE
+C:\WINDOWS\system32\CONTROL.EXE
*C:\WINDOWS\SYSTEM32\CONTROL.EXE
+C:\WINDOWS\system32\CONVERT.EXE
*C:\WINDOWS\SYSTEM32\CONVERT.EXE
+C:\WINDOWS\system32\CSCRIPT.EXE
*C:\WINDOWS\SYSTEM32\CSCRIPT.EXE
+C:\WINDOWS\system32\CSRSS.EXE
*C:\WINDOWS\SYSTEM32\CSRSS.EXE
+C:\WINDOWS\system32\CTFMON.EXE
*C:\WINDOWS\SYSTEM32\CTFMON.EXE
+C:\WINDOWS\system32\CTHELPER.EXE
*C:\WINDOWS\SYSTEM32\CTHELPER.EXE
+C:\WINDOWS\system32\CTSVCCDA.EXE
*C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
+C:\WINDOWS\system32\CTSVCCTL.EXE
*C:\WINDOWS\SYSTEM32\CTSVCCTL.EXE
+C:\WINDOWS\system32\DCOMCNFG.EXE
*C:\WINDOWS\SYSTEM32\DCOMCNFG.EXE
+C:\WINDOWS\system32\DDESHARE.EXE
*C:\WINDOWS\SYSTEM32\DDESHARE.EXE
+C:\WINDOWS\system32\DEBUG.EXE
*C:\WINDOWS\SYSTEM32\DEBUG.EXE
+C:\WINDOWS\system32\DEFRAG.EXE
*C:\WINDOWS\SYSTEM32\DEFRAG.EXE
+C:\WINDOWS\system32\DFRGFAT.EXE
*C:\WINDOWS\SYSTEM32\DFRGFAT.EXE
+C:\WINDOWS\system32\DFRGNTFS.EXE
*C:\WINDOWS\SYSTEM32\DFRGNTFS.EXE
+C:\WINDOWS\system32\DIANTZ.EXE
*C:\WINDOWS\SYSTEM32\DIANTZ.EXE
+C:\WINDOWS\system32\DISKPART.EXE
*C:\WINDOWS\SYSTEM32\DISKPART.EXE
+C:\WINDOWS\system32\DISKPERF.EXE
*C:\WINDOWS\SYSTEM32\DISKPERF.EXE
+C:\WINDOWS\system32\DLLHOST.EXE
*C:\WINDOWS\SYSTEM32\DLLHOST.EXE
+C:\WINDOWS\system32\DLLHST3G.EXE
*C:\WINDOWS\SYSTEM32\DLLHST3G.EXE
+C:\WINDOWS\system32\DMADMIN.EXE
*C:\WINDOWS\SYSTEM32\DMADMIN.EXE
+C:\WINDOWS\system32\DMREMOTE.EXE
*C:\WINDOWS\SYSTEM32\DMREMOTE.EXE
+C:\WINDOWS\system32\DOSKEY.EXE
*C:\WINDOWS\SYSTEM32\DOSKEY.EXE
+C:\WINDOWS\system32\DOSX.EXE
*C:\WINDOWS\SYSTEM32\DOSX.EXE
+C:\WINDOWS\system32\DPLAYSVR.EXE
*C:\WINDOWS\SYSTEM32\DPLAYSVR.EXE
+C:\WINDOWS\system32\DPNSVR.EXE
*C:\WINDOWS\SYSTEM32\DPNSVR.EXE
+C:\WINDOWS\system32\DPVSETUP.EXE
*C:\WINDOWS\SYSTEM32\DPVSETUP.EXE
+C:\WINDOWS\system32\DRWATSON.EXE
*C:\WINDOWS\SYSTEM32\DRWATSON.EXE
+C:\WINDOWS\system32\DRWTSN32.EXE
*C:\WINDOWS\SYSTEM32\DRWTSN32.EXE
+C:\WINDOWS\system32\DUMPREP.EXE
*C:\WINDOWS\SYSTEM32\DUMPREP.EXE
+C:\WINDOWS\system32\DVDPLAY.EXE
*C:\WINDOWS\SYSTEM32\DVDPLAY.EXE
+C:\WINDOWS\system32\DVDUPGRD.EXE
*C:\WINDOWS\SYSTEM32\DVDUPGRD.EXE
+C:\WINDOWS\system32\DWWIN.EXE
*C:\WINDOWS\SYSTEM32\DWWIN.EXE
+C:\WINDOWS\system32\DXDIAG.EXE
*C:\WINDOWS\SYSTEM32\DXDIAG.EXE
+C:\WINDOWS\system32\EAL.EXE
*C:\WINDOWS\SYSTEM32\EAL.EXE
+C:\WINDOWS\system32\EDLIN.EXE
*C:\WINDOWS\SYSTEM32\EDLIN.EXE
+C:\WINDOWS\system32\ESENTUTL.EXE
*C:\WINDOWS\SYSTEM32\ESENTUTL.EXE
+C:\WINDOWS\system32\EUDCEDIT.EXE
*C:\WINDOWS\SYSTEM32\EUDCEDIT.EXE
+C:\WINDOWS\system32\EVENTVWR.EXE
*C:\WINDOWS\SYSTEM32\EVENTVWR.EXE
+C:\WINDOWS\system32\EXE2BIN.EXE
*C:\WINDOWS\SYSTEM32\EXE2BIN.EXE
+C:\WINDOWS\system32\EXPAND.EXE
*C:\WINDOWS\SYSTEM32\EXPAND.EXE
+C:\WINDOWS\system32\EXTRAC32.EXE
*C:\WINDOWS\SYSTEM32\EXTRAC32.EXE
+C:\WINDOWS\system32\FASTOPEN.EXE
*C:\WINDOWS\SYSTEM32\FASTOPEN.EXE
+C:\WINDOWS\system32\FC.EXE
*C:\WINDOWS\SYSTEM32\FC.EXE
+C:\WINDOWS\system32\FIND.EXE
*C:\WINDOWS\SYSTEM32\FIND.EXE
+C:\WINDOWS\system32\FINDSTR.EXE
*C:\WINDOWS\SYSTEM32\FINDSTR.EXE
+C:\WINDOWS\system32\FINGER.EXE
*C:\WINDOWS\SYSTEM32\FINGER.EXE
+C:\WINDOWS\system32\FIXMAPI.EXE
*C:\WINDOWS\SYSTEM32\FIXMAPI.EXE
+C:\WINDOWS\system32\fltMc.exe
*C:\WINDOWS\SYSTEM32\fltMc.exe
+C:\WINDOWS\system32\FONTVIEW.EXE
*C:\WINDOWS\SYSTEM32\FONTVIEW.EXE
+C:\WINDOWS\system32\FORCEDOS.EXE
*C:\WINDOWS\SYSTEM32\FORCEDOS.EXE
+C:\WINDOWS\system32\FREECELL.EXE
*C:\WINDOWS\SYSTEM32\FREECELL.EXE
+C:\WINDOWS\system32\FSQUIRT.EXE
*C:\WINDOWS\SYSTEM32\FSQUIRT.EXE
+C:\WINDOWS\system32\FSUTIL.EXE
*C:\WINDOWS\SYSTEM32\FSUTIL.EXE
+C:\WINDOWS\system32\FTP.EXE
*C:\WINDOWS\SYSTEM32\FTP.EXE
+C:\WINDOWS\system32\FXSCLNT.EXE
*C:\WINDOWS\SYSTEM32\FXSCLNT.EXE
+C:\WINDOWS\system32\FXSCOVER.EXE
*C:\WINDOWS\SYSTEM32\FXSCOVER.EXE
+C:\WINDOWS\system32\FXSSEND.EXE
*C:\WINDOWS\SYSTEM32\FXSSEND.EXE
+C:\WINDOWS\system32\FXSSVC.EXE
*C:\WINDOWS\SYSTEM32\FXSSVC.EXE
+C:\WINDOWS\system32\GDI.EXE
*C:\WINDOWS\SYSTEM32\GDI.EXE
+C:\WINDOWS\system32\GRPCONV.EXE
*C:\WINDOWS\SYSTEM32\GRPCONV.EXE
+C:\WINDOWS\system32\HELP.EXE
*C:\WINDOWS\SYSTEM32\HELP.EXE
+C:\WINDOWS\system32\HOSTNAME.EXE
*C:\WINDOWS\SYSTEM32\HOSTNAME.EXE
+C:\WINDOWS\system32\IE4UINIT.EXE
*C:\WINDOWS\SYSTEM32\IE4UINIT.EXE
+C:\WINDOWS\system32\IEXPRESS.EXE
*C:\WINDOWS\SYSTEM32\IEXPRESS.EXE
+C:\WINDOWS\system32\IMAPI.EXE
*C:\WINDOWS\SYSTEM32\IMAPI.EXE
+C:\WINDOWS\system32\IPCONFIG.EXE
*C:\WINDOWS\SYSTEM32\IPCONFIG.EXE
+C:\WINDOWS\system32\IPSEC6.EXE
*C:\WINDOWS\SYSTEM32\IPSEC6.EXE
+C:\WINDOWS\system32\IPV6.EXE
*C:\WINDOWS\SYSTEM32\IPV6.EXE
+C:\WINDOWS\system32\IPXROUTE.EXE
*C:\WINDOWS\SYSTEM32\IPXROUTE.EXE
+C:\WINDOWS\system32\java.exe
*C:\WINDOWS\SYSTEM32\java.exe
+C:\WINDOWS\system32\javaw.exe
*C:\WINDOWS\SYSTEM32\javaw.exe
+C:\WINDOWS\system32\javaws.exe
*C:\WINDOWS\SYSTEM32\javaws.exe
+C:\WINDOWS\system32\KILLAPPS.EXE
*C:\WINDOWS\SYSTEM32\KILLAPPS.EXE
+C:\WINDOWS\system32\KRNL386.EXE
*C:\WINDOWS\SYSTEM32\KRNL386.EXE
+C:\WINDOWS\system32\LABEL.EXE
*C:\WINDOWS\SYSTEM32\LABEL.EXE
+C:\WINDOWS\system32\LEXBCES.EXE
*C:\WINDOWS\SYSTEM32\LEXBCES.EXE
+C:\WINDOWS\system32\LEXPPS.EXE
*C:\WINDOWS\SYSTEM32\LEXPPS.EXE
+C:\WINDOWS\system32\LIGHTS.EXE
*C:\WINDOWS\SYSTEM32\LIGHTS.EXE
+C:\WINDOWS\system32\LNKSTUB.EXE
*C:\WINDOWS\SYSTEM32\LNKSTUB.EXE
+C:\WINDOWS\system32\LOCATOR.EXE
*C:\WINDOWS\SYSTEM32\LOCATOR.EXE
+C:\WINDOWS\system32\LODCTR.EXE
*C:\WINDOWS\SYSTEM32\LODCTR.EXE
+C:\WINDOWS\system32\logagent.exe
*C:\WINDOWS\SYSTEM32\logagent.exe
+C:\WINDOWS\system32\LOGMAN.EXE
*C:\WINDOWS\SYSTEM32\LOGMAN.EXE
+C:\WINDOWS\system32\LOGOFF.EXE
*C:\WINDOWS\SYSTEM32\LOGOFF.EXE
+C:\WINDOWS\system32\LOGONUI.EXE
*C:\WINDOWS\SYSTEM32\LOGONUI.EXE
+C:\WINDOWS\system32\LPQ.EXE
*C:\WINDOWS\SYSTEM32\LPQ.EXE
+C:\WINDOWS\system32\LPR.EXE
*C:\WINDOWS\SYSTEM32\LPR.EXE
+C:\WINDOWS\system32\LSASS.EXE
*C:\WINDOWS\SYSTEM32\LSASS.EXE
+C:\WINDOWS\system32\MAGNIFY.EXE
*C:\WINDOWS\SYSTEM32\MAGNIFY.EXE
+C:\WINDOWS\system32\MAKECAB.EXE
*C:\WINDOWS\SYSTEM32\MAKECAB.EXE
+C:\WINDOWS\system32\MEM.EXE
*C:\WINDOWS\SYSTEM32\MEM.EXE
+C:\WINDOWS\system32\MIGPWD.EXE
*C:\WINDOWS\SYSTEM32\MIGPWD.EXE
+C:\WINDOWS\system32\MMC.EXE
*C:\WINDOWS\SYSTEM32\MMC.EXE
+C:\WINDOWS\system32\MNMSRVC.EXE
*C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
+C:\WINDOWS\system32\MOBSYNC.EXE
*C:\WINDOWS\SYSTEM32\MOBSYNC.EXE
+C:\WINDOWS\system32\MOUNTVOL.EXE
*C:\WINDOWS\SYSTEM32\MOUNTVOL.EXE
+C:\WINDOWS\system32\MPLAY32.EXE
*C:\WINDOWS\SYSTEM32\MPLAY32.EXE
+C:\WINDOWS\system32\MPNOTIFY.EXE
*C:\WINDOWS\SYSTEM32\MPNOTIFY.EXE
+C:\WINDOWS\system32\MRINFO.EXE
*C:\WINDOWS\SYSTEM32\MRINFO.EXE
+C:\WINDOWS\system32\MRT.exe
*C:\WINDOWS\SYSTEM32\MRT.exe
+C:\WINDOWS\system32\MSCDEXNT.EXE
*C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
+C:\WINDOWS\system32\MSDTC.EXE
*C:\WINDOWS\SYSTEM32\MSDTC.EXE
+C:\WINDOWS\system32\MSG.EXE
*C:\WINDOWS\SYSTEM32\MSG.EXE
+C:\WINDOWS\system32\MSHEARTS.EXE
*C:\WINDOWS\SYSTEM32\MSHEARTS.EXE
+C:\WINDOWS\system32\MSHTA.EXE
*C:\WINDOWS\SYSTEM32\MSHTA.EXE
+C:\WINDOWS\system32\msiexec.exe
*C:\WINDOWS\SYSTEM32\msiexec.exe
+C:\WINDOWS\system32\MSPAINT.EXE
*C:\WINDOWS\SYSTEM32\MSPAINT.EXE
+C:\WINDOWS\system32\MSSWCHX.EXE
*C:\WINDOWS\SYSTEM32\MSSWCHX.EXE
+C:\WINDOWS\system32\MSTINIT.EXE
*C:\WINDOWS\SYSTEM32\MSTINIT.EXE
+C:\WINDOWS\system32\MSTSC.EXE
*C:\WINDOWS\SYSTEM32\MSTSC.EXE
+C:\WINDOWS\system32\NARRATOR.EXE
*C:\WINDOWS\SYSTEM32\NARRATOR.EXE
+C:\WINDOWS\system32\NBTSTAT.EXE
*C:\WINDOWS\SYSTEM32\NBTSTAT.EXE
+C:\WINDOWS\system32\NDDEAPIR.EXE
*C:\WINDOWS\SYSTEM32\NDDEAPIR.EXE
+C:\WINDOWS\system32\NET.EXE
*C:\WINDOWS\SYSTEM32\NET.EXE
+C:\WINDOWS\system32\NET1.EXE
*C:\WINDOWS\SYSTEM32\NET1.EXE
+C:\WINDOWS\system32\NETDDE.EXE
*C:\WINDOWS\SYSTEM32\NETDDE.EXE
+C:\WINDOWS\system32\NETSETUP.EXE
*C:\WINDOWS\SYSTEM32\NETSETUP.EXE
+C:\WINDOWS\system32\NETSH.EXE
*C:\WINDOWS\SYSTEM32\NETSH.EXE
+C:\WINDOWS\system32\NETSTAT.EXE
*C:\WINDOWS\SYSTEM32\NETSTAT.EXE
+C:\WINDOWS\system32\NLSFUNC.EXE
*C:\WINDOWS\SYSTEM32\NLSFUNC.EXE
+C:\WINDOWS\system32\NOTEPAD.EXE
*C:\WINDOWS\NOTEPAD.EXE
*C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
+C:\WINDOWS\system32\NSLOOKUP.EXE
*C:\WINDOWS\SYSTEM32\NSLOOKUP.EXE
+C:\WINDOWS\system32\ntkrnlpa.exe
*C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
+C:\WINDOWS\system32\ntoskrnl.exe
*C:\WINDOWS\SYSTEM32\ntoskrnl.exe
+C:\WINDOWS\system32\NTSD.EXE
*C:\WINDOWS\SYSTEM32\NTSD.EXE
+C:\WINDOWS\system32\NTVDM.EXE
*C:\WINDOWS\SYSTEM32\NTVDM.EXE
+C:\WINDOWS\system32\ODBCAD32.EXE
*C:\WINDOWS\SYSTEM32\ODBCAD32.EXE
+C:\WINDOWS\system32\ODBCCONF.EXE
*C:\WINDOWS\SYSTEM32\ODBCCONF.EXE
+C:\WINDOWS\system32\OSK.EXE
*C:\WINDOWS\SYSTEM32\OSK.EXE
+C:\WINDOWS\system32\OSUNINST.EXE
*C:\WINDOWS\SYSTEM32\OSUNINST.EXE
+C:\WINDOWS\system32\PACKAGER.EXE
*C:\WINDOWS\SYSTEM32\PACKAGER.EXE
+C:\WINDOWS\system32\PATHPING.EXE
*C:\WINDOWS\SYSTEM32\PATHPING.EXE
+C:\WINDOWS\system32\pcpbios.exe
*C:\WINDOWS\SYSTEM32\pcpbios.exe
+C:\WINDOWS\system32\PENTNT.EXE
*C:\WINDOWS\SYSTEM32\PENTNT.EXE
+C:\WINDOWS\system32\PERFMON.EXE
*C:\WINDOWS\SYSTEM32\PERFMON.EXE
+C:\WINDOWS\system32\PING.EXE
*C:\WINDOWS\SYSTEM32\PING.EXE
+C:\WINDOWS\system32\PING6.EXE
*C:\WINDOWS\SYSTEM32\PING6.EXE
+C:\WINDOWS\system32\POWERCFG.EXE
*C:\WINDOWS\SYSTEM32\POWERCFG.EXE
+C:\WINDOWS\system32\PRINT.EXE
*C:\WINDOWS\SYSTEM32\PRINT.EXE
+C:\WINDOWS\system32\PROGMAN.EXE
*C:\WINDOWS\SYSTEM32\PROGMAN.EXE
+C:\WINDOWS\system32\PROQUOTA.EXE
*C:\WINDOWS\SYSTEM32\PROQUOTA.EXE
+C:\WINDOWS\system32\PROXYCFG.EXE
*C:\WINDOWS\SYSTEM32\PROXYCFG.EXE
+C:\WINDOWS\system32\QAPPSRV.EXE
*C:\WINDOWS\SYSTEM32\QAPPSRV.EXE
+C:\WINDOWS\system32\QPROCESS.EXE
*C:\WINDOWS\SYSTEM32\QPROCESS.EXE
+C:\WINDOWS\system32\QWINSTA.EXE
*C:\WINDOWS\SYSTEM32\QWINSTA.EXE
+C:\WINDOWS\system32\RASAUTOU.EXE
*C:\WINDOWS\SYSTEM32\RASAUTOU.EXE
+C:\WINDOWS\system32\RASDIAL.EXE
*C:\WINDOWS\SYSTEM32\RASDIAL.EXE
+C:\WINDOWS\system32\RASPHONE.EXE
*C:\WINDOWS\SYSTEM32\RASPHONE.EXE
+C:\WINDOWS\system32\RCIMLBY.EXE
*C:\WINDOWS\SYSTEM32\RCIMLBY.EXE
+C:\WINDOWS\system32\RCP.EXE
*C:\WINDOWS\SYSTEM32\RCP.EXE
+C:\WINDOWS\system32\RDPCLIP.EXE
*C:\WINDOWS\SYSTEM32\RDPCLIP.EXE
+C:\WINDOWS\system32\RDSADDIN.EXE
*C:\WINDOWS\SYSTEM32\RDSADDIN.EXE
+C:\WINDOWS\system32\RDSHOST.EXE
*C:\WINDOWS\SYSTEM32\RDSHOST.EXE
+C:\WINDOWS\system32\RECOVER.EXE
*C:\WINDOWS\SYSTEM32\RECOVER.EXE
+C:\WINDOWS\system32\REDIR.EXE
*C:\WINDOWS\SYSTEM32\REDIR.EXE
+C:\WINDOWS\system32\REG.EXE
*C:\WINDOWS\SYSTEM32\REG.EXE
+C:\WINDOWS\system32\REGEDT32.EXE
*C:\WINDOWS\SYSTEM32\REGEDT32.EXE
+C:\WINDOWS\system32\REGINI.EXE
*C:\WINDOWS\SYSTEM32\REGINI.EXE
+C:\WINDOWS\system32\REGPLIB.EXE
*C:\WINDOWS\SYSTEM32\REGPLIB.EXE
+C:\WINDOWS\system32\REGSVR32.EXE
*C:\WINDOWS\SYSTEM32\REGSVR32.EXE
+C:\WINDOWS\system32\REGWIZ.EXE
*C:\WINDOWS\SYSTEM32\REGWIZ.EXE
+C:\WINDOWS\system32\REPLACE.EXE
*C:\WINDOWS\SYSTEM32\REPLACE.EXE
+C:\WINDOWS\system32\RESET.EXE
*C:\WINDOWS\SYSTEM32\RESET.EXE
+C:\WINDOWS\system32\REXEC.EXE
*C:\WINDOWS\SYSTEM32\REXEC.EXE
+C:\WINDOWS\system32\ROUTE.EXE
*C:\WINDOWS\SYSTEM32\ROUTE.EXE
+C:\WINDOWS\system32\ROUTEMON.EXE
*C:\WINDOWS\SYSTEM32\ROUTEMON.EXE
+C:\WINDOWS\system32\RSH.EXE
*C:\WINDOWS\SYSTEM32\RSH.EXE
+C:\WINDOWS\system32\RSM.EXE
*C:\WINDOWS\SYSTEM32\RSM.EXE
+C:\WINDOWS\system32\RSMSINK.EXE
*C:\WINDOWS\SYSTEM32\RSMSINK.EXE
+C:\WINDOWS\system32\RSMUI.EXE
*C:\WINDOWS\SYSTEM32\RSMUI.EXE
+C:\WINDOWS\system32\RSVP.EXE
*C:\WINDOWS\SYSTEM32\RSVP.EXE
+C:\WINDOWS\system32\RTCSHARE.EXE
*C:\WINDOWS\SYSTEM32\RTCSHARE.EXE
+C:\WINDOWS\system32\RUNAS.EXE
*C:\WINDOWS\SYSTEM32\RUNAS.EXE
+C:\WINDOWS\system32\RUNDLL32.EXE
*C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
+C:\WINDOWS\system32\RUNONCE.EXE
*C:\WINDOWS\SYSTEM32\RUNONCE.EXE
+C:\WINDOWS\system32\RWINSTA.EXE
*C:\WINDOWS\SYSTEM32\RWINSTA.EXE
+C:\WINDOWS\system32\SAVEDUMP.EXE
*C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE
+C:\WINDOWS\system32\SC.EXE
*C:\WINDOWS\SYSTEM32\SC.EXE
+C:\WINDOWS\system32\SCARDSVR.EXE
*C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
+C:\WINDOWS\system32\SDBINST.EXE
*C:\WINDOWS\SYSTEM32\SDBINST.EXE
+C:\WINDOWS\system32\SERVICES.EXE
*C:\WINDOWS\SYSTEM32\SERVICES.EXE
+C:\WINDOWS\system32\SESSMGR.EXE
*C:\WINDOWS\SYSTEM32\SESSMGR.EXE
+C:\WINDOWS\system32\SETHC.EXE
*C:\WINDOWS\SYSTEM32\SETHC.EXE
+C:\WINDOWS\system32\SETUP.EXE
*C:\WINDOWS\SYSTEM32\SETUP.EXE
+C:\WINDOWS\system32\SETVER.EXE
*C:\WINDOWS\SYSTEM32\SETVER.EXE
+C:\WINDOWS\system32\SFC.EXE
*C:\WINDOWS\SYSTEM32\SFC.EXE
+C:\WINDOWS\system32\SHADOW.EXE
*C:\WINDOWS\SYSTEM32\SHADOW.EXE
+C:\WINDOWS\system32\SHARE.EXE
*C:\WINDOWS\SYSTEM32\SHARE.EXE
+C:\WINDOWS\system32\SHMGRATE.EXE
*C:\WINDOWS\SYSTEM32\SHMGRATE.EXE
+C:\WINDOWS\system32\SHRPUBW.EXE
*C:\WINDOWS\SYSTEM32\SHRPUBW.EXE
+C:\WINDOWS\system32\SHUTDOWN.EXE
*C:\WINDOWS\SYSTEM32\SHUTDOWN.EXE
+C:\WINDOWS\system32\SIGVERIF.EXE
*C:\WINDOWS\SYSTEM32\SIGVERIF.EXE
+C:\WINDOWS\system32\SKEYS.EXE
*C:\WINDOWS\SYSTEM32\SKEYS.EXE
+C:\WINDOWS\system32\SMBINST.EXE
*C:\WINDOWS\SYSTEM32\SMBINST.EXE
+C:\WINDOWS\system32\SMLOGSVC.EXE
*C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
+C:\WINDOWS\system32\SMSS.EXE
*C:\WINDOWS\SYSTEM32\SMSS.EXE
+C:\WINDOWS\system32\SNDREC32.EXE
*C:\WINDOWS\SYSTEM32\SNDREC32.EXE
+C:\WINDOWS\system32\SNDVOL32.EXE
*C:\WINDOWS\SYSTEM32\SNDVOL32.EXE
+C:\WINDOWS\system32\SOL.EXE
*C:\WINDOWS\SYSTEM32\SOL.EXE
+C:\WINDOWS\system32\SORT.EXE
*C:\WINDOWS\SYSTEM32\SORT.EXE
+C:\WINDOWS\system32\SPIDER.EXE
*C:\WINDOWS\SYSTEM32\SPIDER.EXE
+C:\WINDOWS\system32\SPNPINST.EXE
*C:\WINDOWS\SYSTEM32\SPNPINST.EXE
+C:\WINDOWS\system32\spoolsv.exe
*C:\WINDOWS\SYSTEM32\spoolsv.exe
+C:\WINDOWS\system32\SPRESTRT.EXE
*C:\WINDOWS\SYSTEM32\SPRESTRT.EXE
+C:\WINDOWS\system32\spupdsvc.exe
*C:\WINDOWS\SYSTEM32\spupdsvc.exe
+C:\WINDOWS\system32\STIMON.EXE
*C:\WINDOWS\SYSTEM32\STIMON.EXE
+C:\WINDOWS\system32\SUBST.EXE
*C:\WINDOWS\SYSTEM32\SUBST.EXE
+C:\WINDOWS\system32\SVCHOST.EXE
*C:\WINDOWS\SYSTEM32\SVCHOST.EXE
+C:\WINDOWS\system32\SYNCAPP.EXE
*C:\WINDOWS\SYSTEM32\SYNCAPP.EXE
+C:\WINDOWS\system32\SYSEDIT.EXE
*C:\WINDOWS\SYSTEM32\SYSEDIT.EXE
+C:\WINDOWS\system32\SYSKEY.EXE
*C:\WINDOWS\SYSTEM32\SYSKEY.EXE
+C:\WINDOWS\system32\SYSOCMGR.EXE
*C:\WINDOWS\SYSTEM32\SYSOCMGR.EXE
+C:\WINDOWS\system32\SYSTRAY.EXE
*C:\WINDOWS\SYSTEM32\SYSTRAY.EXE
+C:\WINDOWS\system32\TASKMAN.EXE
*C:\WINDOWS\TASKMAN.EXE
*C:\WINDOWS\SYSTEM32\TASKMAN.EXE
+C:\WINDOWS\system32\TASKMGR.EXE
*C:\WINDOWS\SYSTEM32\TASKMGR.EXE
+C:\WINDOWS\system32\TCMSETUP.EXE
*C:\WINDOWS\SYSTEM32\TCMSETUP.EXE
+C:\WINDOWS\system32\TCPSVCS.EXE
*C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
+C:\WINDOWS\system32\telnet.exe
*C:\WINDOWS\SYSTEM32\telnet.exe
+C:\WINDOWS\system32\TFTP.EXE
*C:\WINDOWS\SYSTEM32\TFTP.EXE
+C:\WINDOWS\system32\tourstart.exe
*C:\WINDOWS\SYSTEM32\tourstart.exe
+C:\WINDOWS\system32\TRACERT.EXE
*C:\WINDOWS\SYSTEM32\TRACERT.EXE
+C:\WINDOWS\system32\TRACERT6.EXE
*C:\WINDOWS\SYSTEM32\TRACERT6.EXE
+C:\WINDOWS\system32\TSCON.EXE
*C:\WINDOWS\SYSTEM32\TSCON.EXE
+C:\WINDOWS\system32\TSCUPGRD.EXE
*C:\WINDOWS\SYSTEM32\TSCUPGRD.EXE
+C:\WINDOWS\system32\TSDISCON.EXE
*C:\WINDOWS\SYSTEM32\TSDISCON.EXE
+C:\WINDOWS\system32\TSKILL.EXE
*C:\WINDOWS\SYSTEM32\TSKILL.EXE
+C:\WINDOWS\system32\TSSHUTDN.EXE
*C:\WINDOWS\SYSTEM32\TSSHUTDN.EXE
+C:\WINDOWS\system32\UNLODCTR.EXE
*C:\WINDOWS\SYSTEM32\UNLODCTR.EXE
+C:\WINDOWS\system32\UPNPCONT.EXE
*C:\WINDOWS\SYSTEM32\UPNPCONT.EXE
+C:\WINDOWS\system32\UPS.EXE
*C:\WINDOWS\SYSTEM32\UPS.EXE
+C:\WINDOWS\system32\USER.EXE
*C:\WINDOWS\SYSTEM32\USER.EXE
+C:\WINDOWS\system32\USERINIT.EXE
*C:\WINDOWS\SYSTEM32\USERINIT.EXE
+C:\WINDOWS\system32\USRMLNKA.EXE
*C:\WINDOWS\SYSTEM32\USRMLNKA.EXE
+C:\WINDOWS\system32\USRPRBDA.EXE
*C:\WINDOWS\SYSTEM32\USRPRBDA.EXE
+C:\WINDOWS\system32\USRSHUTA.EXE
*C:\WINDOWS\SYSTEM32\USRSHUTA.EXE
+C:\WINDOWS\system32\UTILMAN.EXE
*C:\WINDOWS\SYSTEM32\UTILMAN.EXE
+C:\WINDOWS\system32\uwdf.exe
*C:\WINDOWS\SYSTEM32\uwdf.exe
+C:\WINDOWS\system32\VERIFIER.EXE
*C:\WINDOWS\SYSTEM32\VERIFIER.EXE
+C:\WINDOWS\system32\VSSADMIN.EXE
*C:\WINDOWS\SYSTEM32\VSSADMIN.EXE
+C:\WINDOWS\system32\VSSVC.EXE
*C:\WINDOWS\SYSTEM32\VSSVC.EXE
+C:\WINDOWS\system32\W32TM.EXE
*C:\WINDOWS\SYSTEM32\W32TM.EXE
+C:\WINDOWS\system32\wdfmgr.exe
*C:\WINDOWS\SYSTEM32\wdfmgr.exe
+C:\WINDOWS\system32\WEXTRACT.EXE
*C:\WINDOWS\SYSTEM32\WEXTRACT.EXE
+C:\WINDOWS\system32\WIAACMGR.EXE
*C:\WINDOWS\SYSTEM32\WIAACMGR.EXE
+C:\WINDOWS\system32\WINCHAT.EXE
*C:\WINDOWS\SYSTEM32\WINCHAT.EXE
+C:\WINDOWS\system32\WINHLP32.EXE
*C:\WINDOWS\WINHLP32.EXE
*C:\WINDOWS\SYSTEM32\WINHLP32.EXE
+C:\WINDOWS\system32\WINLOGON.EXE
*C:\WINDOWS\SYSTEM32\WINLOGON.EXE
+C:\WINDOWS\system32\WINMINE.EXE
*C:\WINDOWS\SYSTEM32\WINMINE.EXE
+C:\WINDOWS\system32\WINMSD.EXE
*C:\WINDOWS\SYSTEM32\WINMSD.EXE
+C:\WINDOWS\system32\WINSPOOL.EXE
*C:\WINDOWS\SYSTEM32\WINSPOOL.EXE
+C:\WINDOWS\system32\WINVER.EXE
*C:\WINDOWS\SYSTEM32\WINVER.EXE
+C:\WINDOWS\system32\WISPTIS.EXE
*C:\WINDOWS\SYSTEM32\WISPTIS.EXE
+C:\WINDOWS\system32\WOWDEB.EXE
*C:\WINDOWS\SYSTEM32\WOWDEB.EXE
+C:\WINDOWS\system32\WOWEXEC.EXE
*C:\WINDOWS\SYSTEM32\WOWEXEC.EXE
+C:\WINDOWS\system32\WPABALN.EXE
*C:\WINDOWS\SYSTEM32\WPABALN.EXE
+C:\WINDOWS\system32\WPNPINST.EXE
*C:\WINDOWS\SYSTEM32\WPNPINST.EXE
+C:\WINDOWS\system32\WRITE.EXE
*C:\WINDOWS\SYSTEM32\WRITE.EXE
+C:\WINDOWS\system32\WSCNTFY.EXE
*C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
+C:\WINDOWS\system32\WSCRIPT.EXE
*C:\WINDOWS\SYSTEM32\WSCRIPT.EXE
+C:\WINDOWS\system32\wuauclt.exe
*C:\WINDOWS\SYSTEM32\wuauclt.exe
+C:\WINDOWS\system32\wuauclt1.exe
*C:\WINDOWS\SYSTEM32\wuauclt1.exe
+C:\WINDOWS\system32\WUPDMGR.EXE
*C:\WINDOWS\SYSTEM32\WUPDMGR.EXE
+C:\WINDOWS\system32\XCOPY.EXE
*C:\WINDOWS\SYSTEM32\XCOPY.EXE
+C:\WINDOWS\system32\USRLOGON.CMD
*C:\WINDOWS\SYSTEM32\USRLOGON.CMD
+C:\WINDOWS\system32\PUBPRN.VBS
*C:\WINDOWS\SYSTEM32\PUBPRN.VBS
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
  • 0

Advertisements


#11
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You may turn on Ewido's real time protection if you wish. No harm there...unless it causes more lags :tazz:

Go to C:\WINDOWS\ and double click on wininit.ini to open it up in Notepad. Delete all the below lines:

`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`C:\WINDOWS\system32\dsktrf.dll=C:\DOCUME~1\VICTOR~1\LOCALS~1\Temp\WIN3F.tmp
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=
`NUL=


Save the file and close it.

Delete this file if found -> C:\WINDOWS\system32\dsktrf.dll

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Restart. See if that will take care of it.

Not sure what else could be causing the lags. How much memory/ram do you have on this machine? And does it only lag on the games? What games?
  • 0

#12
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I have 1GB DDR2 SDRAM at 533MHz. Click on my name and there are specs of my computer.

I still get massive lag when I am gaming. I play Call of Duty UO. Sometimes I ping out and my teamspeak server will disconnect. But yesterday I was having lag and my ts server only disconnected one player. When I am surfing the web, it sometimes takes about 30 seconds or longer to load up or come on the screen. I have no idea what this can be.

Also, I dont know if you can help me with this, but after I did all the scans you told me to do. On XFIRE my info box on the right is just a blank white box. It doesnt show any info. I went to there forum page and they havent found a way to fix it. Maybe you can figure somethnig out since you know all the scan I went though.

One last thing, I did a panda scan on there web site and found the following:

Incident Status Location

Adware:adware/bookedspace No disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/quicksearch No disinfected C:\WINDOWS\Downloaded Program Files\install.inf
Adware:adware/cws.searchmeup No disinfected C:\WINDOWS\SYSTEM32\bose.ico
  • 0

#13
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download CWShredder at http://www.greyknigh.../CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Delete these files:

C:\WINDOWS\cfgmgr52.ini
C:\WINDOWS\Downloaded Program Files\install.inf
C:\WINDOWS\SYSTEM32\bose.ico


So it only happens when you are gaming? Are you connected to a gaming server or maybe hosting one?

This is most likely some network problem. Try resetting your modem/router. Else, ask this question in the Networking forum. I don't think it's spyware related anymore.

Run another Panda scan to see if it detects anything else. If not:

Your log is clean.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#14
o|-| c|-|uTe

o|-| c|-|uTe

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
I am still having lag problems :tazz:

I did that panda scan again and it found this:


Incident Status Location

Adware:adware/quicksearch No disinfected C:\WINDOWS\Downloaded Program Files\install.inf

I cant find that one and delete it.

About my network connections I did post a thread about my problem, so maybe they might see something work on the way I have things hooked up.

So how do I find that file and get rid of it?

Edited by o|-| c|-|uTe, 06 October 2005 - 07:48 PM.

  • 0

#15
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
This should get rid of it:

Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with a red circle and white X. Confirm to delete and when asked if you want to reboot, say Yes:

C:\WINDOWS\Downloaded Program Files\install.inf

If you get a PendingOperations message, just close it and restart your computer manually.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP