please help key-logger/spyware suspected!
Call me paranoid, but I need your help! I reckon that there is some form of key logger on my system, as I have noticed that a lot of my web accounts that require different user names and passwords, i.e. bank, Hotmail, various forums, have been accessed at times when I simply couldn't have accessed them. Can anyone please help me discover if this is the case or not, as I don't know where to start! Would a HijackThis log help maybe? I dunno! I have installed and run Search and Destroy and Spyware Doc, but with no luck.
Dunno if this is related, but recently when I have gone to delete my history it simply will not delete, no matter how many times I try. It seems to have done until you restart IE!!
Other than changing all my passwords, but if someone has a keylogger on here I suppose I would be back to square one anyway eh? arrrggghhhh!!!
Any help is much much appreciated in advance, I am a complete novice so please go easy on me!!
Angela
added a hijack this log anyway for you knowledgeable folks!
Logfile of HijackThis v1.98.2
Scan saved at 14:13:58, on 25/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\System32\winmplayer.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\System32\RunDll32.exe
C:\WINNT\System32\wiupdat.exe
C:\WINNT\System32\Sound.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINNT\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\PAL\KLP\svchost.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINNT\System32\PAL\KLP\ieguard.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows media services] cvrsss.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [win-update] wiupdat.exe
O4 - HKLM\..\Run: [Microsoft Server Application] Sound.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Windows media services] cvrsss.exe
O4 - HKLM\..\RunServices: [win-update] wiupdat.exe
O4 - HKLM\..\RunServices: [Microsoft Server Application] Sound.exe
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [win-update] wiupdat.exe
O4 - HKCU\..\Run: [Microsoft Server Application] Sound.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: C:\WINNT\System32\?hkntfs.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012e0863aa3b8b018917/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
O4 - HKLM\..\Run: [Windows media services] cvrsss.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [win-update] wiupdat.exe
O4 - HKLM\..\Run: [Microsoft Server Application] Sound.exe
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [Windows media services] cvrsss.exe
O4 - HKLM\..\RunServices: [win-update] wiupdat.exe
O4 - HKLM\..\RunServices: [Microsoft Server Application] Sound.exe
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [win-update] wiupdat.exe
O4 - HKCU\..\Run: [Microsoft Server Application] Sound.exe
O4 - HKCU\..\Run: C:\WINNT\System32\?hkntfs.exe
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn298.exe
Fix those entries then find and delete the files listed above, reboot and post a new log.
done as suggested..... this is what i get now
Logfile of HijackThis v1.98.2
Scan saved at 18:44:06, on 01/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\WINNT\System32\winmplayer.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINNT\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SYSCFG16.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\WINNT\System32\winlogd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\PAL\KLP\svchost.exe
C:\Uninst2.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINNT\System32\PAL\KLP\ieguard.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft media services] winmplayer.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [klp] C:\WINNT\System32\PAL\KLP\explorer.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012e0863aa3b8b018917/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
is all this ok now, or do i still have an issue? just out of curiosity did i have a key-logger on there in the 1st place?
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKLM\..\RunServices: [Microsoft media services] winmplayer.exe
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
Fix those entries then find and delete the files listed above, reboot and post a new log.
Scan saved at 22:09:42, on 01/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINNT\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\winlogd.exe
C:\WINNT\SYSCFG16.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\GIANT Company Software\KLP\svchost.exe
C:\Uninst2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\wuauclt.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe
C:\WINNT\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\Program Files\GIANT Company Software\KLP\ieguard.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [klp] C:\Program Files\GIANT Company Software\KLP\explorer.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012e0863aa3b8b018917/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O4 - HKLM\..\Run: [klp] C:\Program Files\GIANT Company Software\KLP\explorer.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
Fix those entries then find and delete the following files, reboot and post a new log.
C:\Program Files\GIANT Company Software\KLP\
C:\WINNT\SYSCFG16.EXE
winlogd.exe
C:\Uninst2.exe
Scan saved at 23:38:47, on 01/11/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINNT\System32\keyhook.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\WINNT\System32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\SYSCFG16.EXE
C:\WINNT\System32\winlogd.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Documents and Settings\AMD\Desktop\HijackThis.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Uninst2.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINNT\System32\keyhook.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/012e0863aa3b8b018917/netzip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096923745233
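Each round of this thread is the same check done by eye: do the entries that were marked for fixing still show up in the next scan, and are their files still running? The sketch below automates that comparison; it is an added example, not something posted in the thread, its function names are assumptions, and `FLAGGED` and `FOLLOWUP` are excerpts of the last list of entries to fix and of the 23:38:47 scan above.

```python
import ntpath
import re

# O4 autostart line: "O4 - <location>: [<value name>] <command>"; the name is optional.
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
SECTION_RE = re.compile(r"^[A-Z]\d+ - ")

def parse_log(text):
    """Return (running process paths, O4 entries as (location, name, command))."""
    processes, autostarts, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif SECTION_RE.match(line):
            in_procs = False  # first R/O line ends the process list
            m = O4_RE.match(line)
            if m:
                autostarts.append((m["loc"], m["name"] or "", m["cmd"]))
        elif in_procs and line:
            processes.append(line)
    return processes, autostarts

def image_path(cmd):
    """Best-effort executable path from an autostart command line (heuristic)."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]

def same_image(flagged_path, process_path):
    """Compare full paths when the entry names a directory, else file names only."""
    f, p = flagged_path.lower(), process_path.lower()
    return f == p if ntpath.dirname(f) else f == ntpath.basename(p)

def still_present(flagged_text, followup_text):
    """Flagged O4 entries surviving in the later scan, and flagged images still running."""
    _, flagged = parse_log(flagged_text)
    processes, current = parse_log(followup_text)
    key = lambda e: tuple(part.lower() for part in e)
    current_keys = {key(e) for e in current}
    persisting = [e for e in flagged if key(e) in current_keys]
    running = sorted({p for p in processes for _, _, cmd in flagged
                      if same_image(image_path(cmd), p)})
    return persisting, running

# Excerpts from the thread: the last list of entries to fix, then the 23:38:47 scan.
FLAGGED = r"""
O4 - HKLM\..\Run: [klp] C:\Program Files\GIANT Company Software\KLP\explorer.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
"""

FOLLOWUP = r"""
Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\SYSCFG16.EXE
C:\WINNT\System32\winlogd.exe
O4 - HKLM\..\Run: [Windows System Configuration] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\Run: [Windows logging] winlogd.exe
O4 - HKLM\..\Run: [Windows DLL Loader] C:\WINNT\SYSCFG16.EXE
O4 - HKLM\..\RunServices: [Windows logging] winlogd.exe
O4 - HKCU\..\Run: [Windows logging] winlogd.exe
"""

if __name__ == "__main__":
    print(still_present(FLAGGED, FOLLOWUP))
```

On these excerpts five of the six listed entries are still registered and SYSCFG16.EXE and winlogd.exe are still running. C:\WINNT\Explorer.EXE is not reported, because the listed explorer.exe is compared by its full KLP path rather than by file name.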