Virus on my desktop

edited April 2008 in Spyware & Virus Removal
Its been crashing some background programs when my computer starts up.
Which logs do you guys need?

and my Battlefield 1942 game won't start up. :(

Comments

  • VekaVeka Finland
    edited April 2008
    Hello De Sniper,
    • Download HJTInstall.exe to your Desktop.
    • Doubleclick HJTInstall.exe to install it.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Copy/Paste the log to your next reply please.
    Don't use the Analyse This button, its findings are dangerous if misinterpreted.
    Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
  • edited April 2008
    Panda Security

    Results Scanning
    Searching for viruses, spyware, Trojans and other threats. It also uses
    heuristic technologies to detect unknown viruses.
    100%
    Item in progress:
    Files scanned:241096
    Files infected:1
    Suspicious files detected:0
    Vulnerabilities detected:2


    Cookies detected!
    We have detected that the AVG Internet Security protection on your PC is enabled
    and up-to-date.


    You need better protection for your PC. With Panda solutions you will be
    protected against more than 3 million viruses, spyware and other threats.
    Buy Panda to disinfect and protect your PC!

    Would you like to share ActiveScan 2.0 with your friends? Just leave their email
    addresses. We will not save them in our database.
    Email address 1: Email address 2: Email address 3: DEMO
    Export to:
    Threats with free disinfection (0)
    Only available for registered users.
    Register free - I'm registered
    Threats disinfected with the paid version (1)
    Low danger level (1)Cookie/Atlas D...Tracking CookieLatentShow+ Info
    1. C:\Documents and Settings\Arron\Cookies\arron@atdmt[2].txt

    Only available in paid version.
    Buy - I am a client
    Suspicious files (0)

    Vulnerabilities (2)
    MS06-006Medium+ Info
    MS07-043High+ Info

    Terms and conditions of use - © Panda Security 2008 Now, just by registering,
    you can run custom scans and disinfect viruses, worms and Trojans.
    It's free!

    ActiveScan 2.0 offers you much more.
    Free
    (requires registration)From
    $ 19.95
    Quick scan
    Full scan
    Disinfection of viruses, worms and Trojans.
    Complete disinfection

    hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:21:56 PM, on 4/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Documents and Settings\Arron\Desktop\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1205553160968
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 9243 bytes

    I have another topic that needs deleted thanks.
    http://icrontic.com/forum/showthread.php?t=70646
  • VekaVeka Finland
    edited April 2008
    It appears you have two antivirus/firewall running, which is not recommended. Having more than one antivirus/firewall active in memory uses additional resources and can result in program conflicts and false virus alerts. I advice to remove either AVG or iolo (let me know your decision, please)

    After that, reboot your computer and do a scan with Kaspersky Online Virus Scan

    Click on Kaspersky Online Scanner

    You will be promted to install an ActiveX component from Kaspersky, Click Yes.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make that the following are selected:
      • Scan using the following Anti-Virus database:
      • Extended (if available otherwise Standard)
      • Scan Options:
      • Scan Archives
        Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This will program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
  • edited April 2008
    My computer won't start-up past the Gigabyte screen that you can get into the advanced configurations menu from.

    I think I'll go into one of the menus if I can and reset everything then try to start up again and if I can't then I'll probably reinstall everything.
  • edited April 2008
    Ok it finally started up after I left the computer shut off for about a day so I'll run that scan now
  • VekaVeka Finland
    edited April 2008
    Good, I'm waiting your reply. :)
  • edited April 2008

    KASPERSKY ONLINE SCANNER REPORT
    Monday, April 14, 2008 1:50:52 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 14/04/2008
    Kaspersky Anti-Virus database records: 704613

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 53473
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 00:44:47

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\Arron\Application Data\iolo\SystemAnalyzer.log Object is locked skipped
    C:\Documents and Settings\Arron\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Temp\fb_3336.lck Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Temp\Perflib_Perfdata_d08.dat Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Temp\~DF6548.tmp Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Temp\~DF7B0.tmp Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Arron\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Arron\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Arron\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{B3935FBB-A9C4-4142-B3D4-6B0B529C7863}\RP93\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{66EA4E34-7C47-491D-AE32-1696EDB48252}.crmlog Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\fb_576.lck Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_2f4.dat Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    E:\System Volume Information\_restore{B3935FBB-A9C4-4142-B3D4-6B0B529C7863}\RP93\change.log Object is locked skipped

    Scan process completed.
  • VekaVeka Finland
    edited April 2008
    It's clean. Please post a fresh HijackThis log once again. :)
  • edited April 2008
    It never said that it got rid of any virus.
  • edited April 2008
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:06:46 PM, on 4/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wudfhost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
    C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
    C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\Documents and Settings\Arron\Desktop\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
    O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205553160968
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 8591 bytes
  • VekaVeka Finland
    edited April 2008
    That looks pretty good also. :)

    • Please go to VirusTotal
    • Copy and paste the following file path into the Search Box in the middle of the page:

      C:\WINDOWS\system32\winsys2.exe

    • Now, click on the Send File button
    • Save a copy of the Anti-Virus results. Post the results in your next reply.
  • edited April 2008
    Antivirus Version Last Update Result
    AhnLab-V3 2008.4.15.0 2008.04.14 -
    AntiVir 7.6.0.85 2008.04.14 -
    Authentium 4.93.8 2008.04.13 -
    Avast 4.8.1169.0 2008.04.14 -
    AVG 7.5.0.516 2008.04.14 -
    BitDefender 7.2 2008.04.14 -
    CAT-QuickHeal 9.50 2008.04.14 -
    ClamAV 0.92.1 2008.04.14 -
    DrWeb 4.44.0.09170 2008.04.14 -
    eSafe 7.0.15.0 2008.04.09 -
    eTrust-Vet 31.3.5697 2008.04.14 -
    Ewido 4.0 2008.04.14 -
    F-Prot 4.4.2.54 2008.04.14 -
    F-Secure 6.70.13260.0 2008.04.14 -
    FileAdvisor 1 2008.04.14 -
    Fortinet 3.14.0.0 2008.04.14 -
    Ikarus T3.1.1.26.0 2008.04.14 -
    Kaspersky 7.0.0.125 2008.04.14 -
    McAfee 5273 2008.04.14 -
    Microsoft 1.3408 2008.04.14 -
    NOD32v2 3026 2008.04.14 -
    Norman 5.80.02 2008.04.14 -
    Panda 9.0.0.4 2008.04.14 -
    Prevx1 V2 2008.04.14 -
    Rising 20.40.02.00 2008.04.14 -
    Sophos 4.28.0 2008.04.14 -
    Sunbelt 3.0.1041.0 2008.04.12 -
    Symantec 10 2008.04.14 -
    TheHacker 6.2.92.277 2008.04.14 -
    VBA32 3.12.6.4 2008.04.14 -
    VirusBuster 4.3.26:9 2008.04.14 -
    Webwasher-Gateway 6.6.2 2008.04.14 -
    Additional information
    File size: 208896 bytes
    MD5...: 3436123487b8db393db49109017d5226
    SHA1..: 71baf986c06720662be69153c0d5b29bc1a3f26d
    SHA256: e4f69f93572e817e4694f149669367a32f65f4de59cb2fe062ec1202a8fa97fa
    SHA512: 2d5a6849f81dd43afc4f36c76d8feda8f60f5dbe60012e68e2e4dba58f4849aa
    158ee15afe21ac978c9cefef93a4e26aa0e32f80736909d4a94581ab3671b84c
    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x410214
    timedatestamp.....: 0x4726ed3b (Tue Oct 30 08:37:15 2007)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x20996 0x21000 6.65 8e66a769c9798aa2360b2652eef8eaa5
    .rdata 0x22000 0x7cfe 0x8000 4.90 1f93dbb50db9c21acda7c7c1888d93e8
    .data 0x2a000 0x8fd4 0x3000 3.31 2bc8669cfae0847f14f5e0b842c89897
    CONST 0x33000 0x1f 0x1000 0.09 e1c91d3ead8e57dca21253f563c750c1
    .rsrc 0x34000 0x48a8 0x5000 4.41 46abb0b06f7f2c3453dea7320e86064f

    ( 8 imports )
    > MADCHOOK.DLL: InjectLibraryA, UninjectLibraryA
    > KERNEL32.dll: SetErrorMode, HeapAlloc, HeapFree, HeapReAlloc, VirtualAlloc, RtlUnwind, GetCommandLineA, GetProcessHeap, GetStartupInfoA, RaiseException, ExitProcess, HeapSize, VirtualFree, HeapDestroy, HeapCreate, GetStdHandle, TerminateProcess, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, GetACP, GetConsoleCP, GetConsoleMode, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetOEMCP, GetCPInfo, CreateFileA, GetCurrentProcess, GetThreadLocale, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, GlobalFlags, WritePrivateProfileStringA, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, GlobalGetAtomNameA, GlobalFindAtomA, lstrcmpW, FreeResource, GetCurrentProcessId, GlobalAddAtomA, CloseHandle, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetModuleFileNameA, EnumResourceLanguagesA, GetLocaleInfoA, lstrcmpA, GlobalDeleteAtom, FreeLibrary, InterlockedDecrement, GetModuleFileNameW, GetModuleHandleA, GlobalFree, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageA, LocalFree, FindResourceA, LoadResource, LockResource, SizeofResource, MulDiv, SetLastError, GetProcAddress, LoadLibraryA, lstrlenA, CompareStringA, GetVersionExA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, InterlockedExchange, UnhandledExceptionFilter
    > USER32.dll: UnregisterClassA, LoadCursorA, GetSysColorBrush, EndPaint, BeginPaint, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, ShowWindow, SetWindowTextA, IsDialogMessageA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, GetCapture, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextA, GetForegroundWindow, GetTopWindow, GetMessagePos, MapWindowPoints, SetForegroundWindow, UpdateWindow, GetMenu, CreateWindowExA, GetClassInfoExA, GetClassInfoA, RegisterClassA, GetSysColor, AdjustWindowRectEx, CopyRect, PtInRect, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, SetWindowLongA, SetWindowPos, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, GetWindow, GetDesktopWindow, SetActiveWindow, CreateDialogIndirectParamA, DestroyWindow, IsWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, DrawIcon, SendMessageA, GetWindowThreadProcessId, GetWindowLongA, GetLastActivePopup, IsWindowEnabled, MessageBoxA, SetCursor, SetWindowsHookExA, CallNextHookEx, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, DestroyMenu, GetMessageTime, IsIconic, GetClientRect, SetTimer, KillTimer, LoadIconA, EnableWindow, GetSystemMetrics, GetSubMenu, GetMenuItemCount, GetMenuItemID, GetMenuState, UnhookWindowsHookEx, PostQuitMessage, PostMessageA, IsWindowVisible, GetKeyState, PeekMessageA, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapA, GetFocus, GetParent, ModifyMenuA, EnableMenuItem, CheckMenuItem
    > GDI32.dll: SetWindowExtEx, ScaleWindowExtEx, DeleteDC, GetStockObject, PtVisible, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, GetDeviceCaps, DeleteObject, SetMapMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, RectVisible
    > WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA
    > ADVAPI32.dll: RegQueryValueA, RegEnumKeyA, RegDeleteKeyA, RegOpenKeyA, RegOpenKeyExA, RegQueryValueExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey
    > SHLWAPI.dll: PathFindFileNameA, PathFindExtensionA
    > OLEAUT32.dll: -, -, -

    ( 0 exports )
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=3436123487b8db393db49109017d5226
  • edited April 2008
    Maybe it doesnt have a virus I dont know, but when I started it up two days ago, it said a background task had crashed and after I sent the error report to microsoft it told me which virus causes that type of issue. I probably should have written it down.
  • VekaVeka Finland
    edited April 2008
    Thank you.

    Please do a system scan with HijackThis and check the box next to this entry:

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Note: This isn't a malware. It's Realtek AC97 Audio event monitor. "Sypware" file used surreptitiously monitor one's actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers. If you delete this file, then you will not be able to properly update your drivers in the future. It is therefore recommended that you disable the startup instead.

    URL: www.bleepingcomputer.com/startups/ALCMTR.EXE-240.html


    Please check these also:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe


    ==================================================

    Please do the following....
    • [FONT=Verdana,Arial,Helvetica,sans serif][/FONT][FONT=Verdana,Arial,Helvetica,sans serif][SIZE=-1]
    • Click Start.
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK[/SIZE][/FONT]
    After that, rename winsys2.exe to winsys2.exe1 (located in C:\WINDOWS\system32 folder)

    Does this cause any change?
  • edited April 2008
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:23:13 AM, on 4/16/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\WinSys.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox 3 Beta 4\firefox.exe
    C:\DOCUME~1\Arron\LOCALS~1\Temp\AutoRun.exe
    C:\Documents and Settings\Arron\Desktop\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
    O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
    O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
    O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips Intelligent Agent\Philips Intelligent Agent.exe" /SILENT
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205553160968
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo Product Update Service (ioloProductUpdate) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 8159 bytes
  • edited April 2008
    I'm going to have to reinstall my system because my Battlefield program still doesnt work. I click it it does nothing. Oh, well.

    Start from the beginning cause I've been having some driver conflict problems as well, got error messages through windows reporting that couldnt tell me what device was causing the problem.
  • VekaVeka Finland
    edited April 2008
    All right. So this thread can be archived?
  • edited April 2008
    ya thats fine with me, thanks for your help.
  • VekaVeka Finland
    edited April 2008
    Glad we could be of assistance! The help you received here was free.

    This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.

    If you are not the user who started this thread, you must start your own Thread instead :)
    _______________________________
    Have we helped you with any issues you have had with your PCs or other items? If so, you can now help us by Joining Team 93 and fold for a cure.
Sign In or Register to comment.