
Desktop Won't Load, Explorer Behaving Weirdly

'Solved' this problem by doing a format of the Windows partition and reinstalling Windows. I'm leaving most of the post intact for future reference if anyone needs it.


OK, this has been a problem for around a week or so, but it got much worse in the past few days. I'd appreciate it if anyone has any idea what to do. I'd really rather not reformat my drive as it would take me at least 1/2 day or more to get back to shape :(

Symptom: Windows doesn't load up the desktop. After the profile and preferences are loaded, Windows simply doesn't load the desktop, icons etc. A Ctrl + Alt + Del reveals explorer is running. After I terminate explorer.exe in the process menu and run it again via the Task Manager, I enter Windows proper, minus my startup programs. It used to be a 10-20% chance of this thing happening, so I usually just restarted the computer and the problem would disappear. Incidentally, I got hit by spy-quake2, but I think I managed to remove it with Norton AV.

Things I've done so far:
1. Deleted cookies/offline content.
2. Ran NAV - found some trojans - removed them.
3. Ran Ad-Aware (the version that this site recommends) - removed a few things.
4. Ran Spybot doctor - removed a few things.
5. Installed and ran Javacool's Spyware Blaster.
6. Restarted computer in Safe Mode.
7. Ran Ad-Aware + Spybot doctor in Safe Mode - this time nothing was found.
Started panicking and decided to do a more detailed check, wondering if the solution to the problem was not so obvious.
8. Restarted computer, ran eventvwr.msc according to some other webby - saw an ID 49 error. Tried changing my pagefile size - but that didn't help with either that error or the desktop/explorer error.
9. Checked hardware manager - and found that a Microsoft TUN miniport adapter had a yellow ! next to it. Couldn't remove it - so simply disabled it. Didn't work either.
10. Read somewhere that the adapter problem had something to do with TCP/IP version 6, which was not really required. Removed it, both problems still around.
11. Ran online Kaspersky antivirus scan. Saw the trojans (which were residing in the restore points). Stopped Windows restore, and did another scan. 0 stuff found.
12. Updated iTouch and uninstalled MouseWare. Updated Office 2000. The problem could have been a MouseWare + A4Tech software conflict. Or it could have simply been the system attempting a system restore with an infected restore. Or simply an un-updated Office 2000 (which I seriously doubt). Not too sure though. Not really sure if I'm out of the woods yet. Will post again if I'm sure I've fixed it (by my many weird 'attempts' at fixing the problem). Also, could this be some sort of hardware issue?

This is my HijackThis log. I would appreciate it if you could tell me if there is any stuff that could cause the problem to come back or start again (or if I still have the problem).

Logfile of HijackThis v1.99.1
Scan saved at 9:58:33 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
F:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
F:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
F:\WINDOWS\System32\tcpsvcs.exe
F:\WINDOWS\System32\snmp.exe
F:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Logitech\iTouch\iTouch.exe
F:\Program Files\A4Tech\Mouse\Amoumain.exe
F:\Program Files\Logitech\Video\LogiTray.exe
F:\Program Files\Common Files\Symantec Shared\ccApp.exe
F:\WINDOWS\System32\LVCOMSX.EXE
F:\Program Files\VIAudioi\SBADeck\ADeck.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
F:\Program Files\Logitech\Video\FxSvr2.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\WINDOWS\System32\msiexec.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Messenger\msmsgs.exe
C:\Ganesh\Zips\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [zBrowser Launcher] F:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [WheelMouse] F:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [LogitechVideoTray] F:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] F:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ccApp] "F:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LVCOMSX] F:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [AudioDeck] F:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "F:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = F:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = F:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - F:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - F:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152341176797
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156683611455
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{01C7E4CD-1FF3-41CD-807B-3DF36A64FD21}: NameServer = 165.21.100.88,165.21.83.88
O17 - HKLM\System\CCS\Services\Tcpip\..\{C28562FD-A47D-4DAB-A8EF-1950D2FCF2FD}: NameServer = 165.21.83.88,165.21.100.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{01C7E4CD-1FF3-41CD-807B-3DF36A64FD21}: NameServer = 165.21.100.88,165.21.83.88
O17 - HKLM\System\CS2\Services\Tcpip\..\{01C7E4CD-1FF3-41CD-807B-3DF36A64FD21}: NameServer = 165.21.100.88,165.21.83.88
O17 - HKLM\System\CS3\Services\Tcpip\..\{01C7E4CD-1FF3-41CD-807B-3DF36A64FD21}: NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrtf32 - winrtf32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - F:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe