Author Topic: Constant slow running even after a reboot  (Read 933 times)

Spawn
« on: March 23, 2006, 02:38:31 PM »
It seems as though I have a problem. I play an online HTML turn-based game and it runs like crap constantly. It's not graphics intensive, not much of a RAM eater, it just runs slow and "jerky". My system will start doing this at any given time. I have Zone Alarm Pro and Spyware Doctor running in the background. Even after scans which find maybe 6 - 8 cookies that it cleans I still have the problem. I've included a HJT log and an Autoruns as well hoping someone might be able to find whatever could be causing this problem. Thank you for taking the time to help in advance. Also my girlfriend said that after running a ZAPro scan it showed something called Net.cmd and Net1.exe. Could this have anything to do with the problem? I used to have a site marked that told about all the different types of files and whether they were legit or not, but have lost it.

Logfile of HijackThis v1.99.1
Scan saved at 2:25:26 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\cpuidle.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Browser Mouse\2.03\mouse32a.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\autoruns.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.se1.attbb.net:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = sas.se1.attbb.net;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\WINDOWS\DOWNLO~1\hbhelper.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [FLMMEMOREX203] C:\Program Files\Browser Mouse\2.03\mouse32a.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\PC-CAM Center\CAMTRAY.EXE
O4 - HKLM\..\Run: [Jammer] C:\PROGRA~1\Agnitum\JAMMER~1.95\jammer.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\WINDOWS\DOWNLO~1\hbhelper.dll",WaitWindows
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: WebWorks Help 2.0 - file://C:\Program Files\Corel\Bryce 5\Help\wwhelp2.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Chat 1.3 - http://jcs.chat.dcn.yahoo.com/c174/chat.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/games/clients/y/dct4_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potd_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {038318E8-0C2D-4DF5-A7AF-B4FB373F501E} (HBHelper.HBActivex) - http://download.henbang.net/download/updatelist/helper.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15007/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite....loadManager.cab
O16 - DPF: {5AA5A569-F96F-4628-A528-8B3698F558BB} (HS_live Control) - http://install.homestead.com/~site/Install...ive/HS_live.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512129509
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127512120917
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...386/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15008/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS3\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CS4\Services\Tcpip\..\{4FEF5B8D-4D9F-42D0-98CC-413250EBC283}: NameServer = 4.2.2.2,4.2.2.3
O23 - Service: cpuidle - Unknown owner - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\CPUIDLE\srvany.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Also, here is the Autoruns log (Autorun V 8.5 by Sysinternals)


HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
  + rdpclip   RDP Clip Monitor   (Not verified) Microsoft Corporation   c:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AppSetup
HKCU\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\Scripts\Startup
HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\Shell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
  + C:\Program         File not found: C:\Program
  + Files\Common         File not found: Files\Common
  + Files\Microsoft         File not found: Files\Microsoft
  + Shared\Web         File not found: Shared\Web
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  + Creative WebCam Tray   PC-CAM Center Launcher Application   (Not verified) Creative Technology Ltd   c:\program files\creative\pc-cam center\camtray.exe
  + Disc Detector   Disc Detector   (Not verified) Creative Technology Ltd.   c:\program files\creative\sharedll\ctnotify.exe
  + FLMMEMOREX203         c:\program files\browser mouse\2.03\mouse32a.exe
  + InCD   InCD   (Not verified) Ahead Software AG   c:\program files\ahead\incd\incd.exe
  + Jammer   Jammer. Network protection utility.   (Not verified) Agnitum Ltd.   c:\program files\agnitum\jammer 1.95\jammer.exe
  + Jet Detection   Creative JetDetect      c:\program files\creative\sblive\program\adgjdet.exe
  + NeroCheck   NeroCheck   (Not verified) Ahead Software Gmbh   c:\windows\system32\\nerocheck.exe
  + nwiz   NVIDIA nView Wizard, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nwiz.exe
  + SunJavaUpdateSched   Java(tm) 2 Platform Standard Edition binary   (Not verified) Sun Microsystems, Inc.   c:\program files\java\jre1.5.0_06\bin\jusched.exe
  + WINDVDPatch   CtHelper Application   (Not verified) Creative Technology Ltd   c:\windows\system32\cthelper.exe
  + Zone Labs Client   Zone Labs Client   (Verified) Check Point Software Technologies Inc.   c:\program files\zone labs\zonealarm\zlclient.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
  + Adobe Reader Speed Launch.lnk   Adobe Acrobat SpeedLauncher   (Not verified) Adobe Systems Incorporated   c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
C:\Documents and Settings\Chris\Start Menu\Programs\Startup
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  + CursorXP   CursorXP   (Not verified)     c:\program files\cursorxp\cursorxp.exe
  + Eraser   Eraser.   (Not verified) -   c:\program files\eraser\eraser.exe
  + FreeRAM XP   FreeRAM XP Pro (YourWare Solutions)   (Not verified) YourWare Solutions (tm)   c:\program files\yourware solutions\freeram xp pro\freeram xp pro.exe
  + Spyware Doctor   Spyware Doctor   (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\swdoctor.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Runonce
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\RunonceEx
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\MICROSOFT\Windows\CURRENTVERSION\Run
HKLM\SOFTWARE\Classes\Protocols\Filter
  + Class Install Handler   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + deflate   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + gzip   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + lzdhtml   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
  + cdl   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + cdo   Microsoft SharePoint Portal Server Object Model   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
  + file   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + ftp   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + gopher   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + http   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + https   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + local   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + mk   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
  + ms-itss   Microsoft® InfoTech Storage System Library   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\information retrieval\msitss.dll
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
HKCU\SOFTWARE\Microsoft\Active Setup\Installed Components
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
  + 0aMCPClient         File not found: CLSID\{F5DF91F9-15E9-416B-A7C3-7519B11ECBFC}\InprocServer32
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  + Desktop Explorer   NVIDIA Desktop Explorer, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nvshell.dll
  + Desktop Explorer Menu   NVIDIA Desktop Explorer, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nvshell.dll
  + Eraser Shell Extension   Eraser Shell Extension.   (Not verified) -   c:\program files\eraser\erasext.dll
  + Macromedia FTP & RDS   CfShellFtpRds Module   (Not verified) Macromedia, Inc.   c:\windows\system32\cfshellftprds.dll
  + nView Desktop Context Menu   NVIDIA Desktop Explorer, Version 100.40    (Not verified) NVIDIA Corporation   c:\windows\system32\nvshell.dll
  + Pop-Up Stopper &Companion   Pop-Up Stopper Companion   (Not verified) Panicware, Inc.   c:\program files\panicware\pop-up stopper companion\popupus.dll
  + Shell Extension for CDRW   UDF Shell Extension DLL   (Not verified) Ahead Software, Karlsbad, Germany   c:\program files\ahead\incd\incdshx.dll
  + Shell Extensions for RealOne Player   RealPlayer Shell Extensions   (Not verified) RealNetworks, Inc.   c:\program files\real\realplayer\rpshell.dll
  + Web Folders   Microsoft Web Folders   (Not verified) Microsoft Corporation   c:\program files\common files\microsoft shared\web folders\msonsext.dll
  + WinAce Archiver 2.5 Context Menu Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
  + WinAce Archiver 2.5 Context Menu Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
  + WinAce Archiver 2.5 DragDrop Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
  + WinAce Archiver 2.5 Property Sheet Shell Extension   WinAce-Archiver Shell Extension    (Not verified) e-merge GmbH   c:\program files\winace\arcext.dll
  + WinRAR shell extension         c:\program files\winrar\rarext.dll
  + WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
  + WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
  + WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
  + WinZip   WinZip Shell Extension DLL   (Not verified) WinZip Computing, Inc.   c:\program files\winzip\wzshlstb.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
  + PDF Shell Extension   PDF Shell Extension   (Not verified) Adobe Systems, Inc.   c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  + AcroIEHlprObj Class   Adobe Acrobat IE Helper Version 7.0 for ActiveX   (Verified) Adobe Systems, Incorporated   c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
  + CCHelper Class   Cleaning Companion Helper Module      c:\program files\panicware\pop-up stopper companion\cchelper.dll
  + CNavExtBho Class   Norton AntiVirusNAVShellExt Module   (Verified) Symantec Corporation   c:\program files\norton internet security professional\norton antivirus\navshext.dll
  + CNisExtBho Class   NIS Shell Extension   (Not verified) Symantec Corporation   c:\program files\common files\symantec shared\adblocking\nisshext.dll
  + HBObject Class   HBHelper Module   (Not verified) Shanghai Henbang Technology Co., Ltd   c:\windows\downloaded program files\hbhelper.dll
  + PCTools Browser Monitor   iesdpb.dll   (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\tools\iesdpb.dll
  + PCTools Site Guard   Site Guard   (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\tools\iesdsg.dll
  + SSVHelper Class   Java(tm) 2 Platform Standard Edition binary   (Not verified) Sun Microsystems, Inc.   c:\program files\java\jre1.5.0_06\bin\ssv.dll
  + {53707962-6F74-2D53-2644-206D7942484F}   Bad download blocker   (Verified) Safer Networking Ltd.   c:\program files\spybot - search & destroy\sdhelper.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
HKLM\Software\Microsoft\Internet Explorer\Toolbar
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Extensions
  + NeoTrace It!         c:\program files\neotrace express\ntxtoolbar.htm
HKLM\Software\Microsoft\Internet Explorer\Extensions
  + Yahoo! Messenger         c:\program files\yahoo!\messenger\ypager.exe
Task Scheduler
HKLM\System\CurrentControlSet\Services
  + cpuidle         c:\windows\system32\drivers\etc\cpuidle\srvany.exe
  + Creative Service for CDROM Access   Creative Service for CDROM Access   (Not verified) Creative Technology Ltd   c:\windows\system32\ctsvccda.exe
  + InCDsrv   Helper service for the InCD filesystem driver   (Not verified) AHEAD Software   c:\program files\ahead\incd\incdsrv.exe
  + SDhelper      (Verified) PC Tools Pty Ltd   c:\program files\spyware doctor\sdhelp.exe
  + vsmon   Monitors internet traffic and generates alerts for disallowed access.   (Verified) Check Point Software Technologies Inc.   c:\windows\system32\zonelabs\vsmon.exe
HKLM\System\CurrentControlSet\Services
  + ACPI   ACPI Driver for NT   (Not verified) Microsoft Corporation   c:\windows\system32\drivers\acpi.sys
  + ikhlayer      (Not verified) PCTools Research Pty Ltd.   c:\windows\system32\drivers\ikhlayer.sys
  + InCDPass   Ahead CD-RW Filter Driver   (Not verified) Ahead Software   c:\windows\system32\drivers\incdpass.sys
  + LMIInfo   RemotelyAnywhere Kernel Information Provider   (Verified) 3am Labs, Inc.   c:\program files\logmein\rainfo.sys
  + LMImirr   RemotelyAnywhere Mirror Miniport Driver   (Verified) 3am Labs, Inc.   c:\windows\system32\drivers\lmimirr.sys
  + NAVENG   AV Engine   (Verified) Symantec Corporation   c:\program files\common files\symantec shared\virusdefs\20031104.016\naveng.sys
  + NAVEX15   AV Engine   (Verified) Symantec Corporation   c:\program files\common files\symantec shared\virusdefs\20031104.016\navex15.sys
  + NPDriver   Norton Protection Driver   (Not verified) Symantec Corporation   c:\windows\system32\drivers\npdriver.sys
  + NPF   NPF Driver - TME extensions   (Not verified) Politecnico di Torino   c:\windows\system32\drivers\npf.sys
  + ousbehci   USB 2.0 Enhanced Host Controller Driver   (Not verified) OrangeWare Corporation   c:\windows\system32\drivers\ousbehci.sys
  + PfModNT   PCI/ISA Device Info. Service   (Not verified) Creative Technology Ltd.   c:\windows\system32\pfmodnt.sys
  + rtl8139         File not found: System32\DRIVERS\RTL8139.SYS
  + Secdrv   SafeDisc driver   (Not verified) Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.   c:\windows\system32\drivers\secdrv.sys
  + SymEvent         File not found: C:\Program Files\Symantec\SYMEVENT.SYS
  + symlcbrd         c:\windows\system32\drivers\symlcbrd.sys
  + SYMTDI   Norton Internet Security Filter   (Verified) Symantec Corporation   c:\windows\system32\drivers\symtdi.sys
  + TVICHW32   TVicHW32 Driver for Windows NT/2000/XP   (Not verified) EnTech Taiwan   c:\windows\system32\drivers\tvichw32.sys
  + vsdatant   TrueVector Device Driver   (Verified) Check Point Software Technologies Inc.   c:\windows\system32\vsdatant.sys
  + WINFLASH         c:\windows\system32\drivers\winflash.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKLM\SOFTWARE\Microsoft\Command Processor\Autorun
HKCU\SOFTWARE\Microsoft\Command Processor\Autorun
HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command\(Default)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
  + urlmon   OLE32 Extensions for Win32   (Not verified) Microsoft Corporation   c:\windows\system32\urlmon.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GinaDLL
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman
HKCU\Control Panel\Desktop\Scrnsave.exe
HKLM\System\CurrentControlSet\Control\BootVerificationProgram\ImageName
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages

guestolo
« Reply #1 on: March 26, 2006, 11:20:56 AM »
Sorry for the delay. If you still need a hand with this log,
can you post a fresh HijackThis log please?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


guestolo
« Reply #2 on: April 22, 2006, 03:43:18 PM »
Since the original poster has not returned, this topic is now locked
