Win Xp Slow Boot


6 replies to this topic

#1 JanSorensen

Posted 24 January 2007 - 04:15 AM

I find that my Win XP is booting rather slowly (approximately 95 sec). I prefer not to do a new clean install so I am hoping someone can spot the culprit(s) in the HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 10:09:12, on 24-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmer\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Programmer\Outlook Express\msimn.exe
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Skrivebord\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Programmer\Popup Manager\PopupMgr_1.0.1.5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\LOM.ocx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://vs03-us.protier.com/SupportFiles/client/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)


StartupList report, 24-01-2007, 09:58:59
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Skrivebord\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmer\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmer\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programmer\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Skrivebord\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmer\Popup Manager\PopupMgr_1.0.1.5.dll - {08E74C67-99A6-45C7-94DA-A397A8FD8082}

--------------------------------------------------

Enumerating Download Program Files:

[Rawflow ICD Client]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Rawflow.ocx
CODEBASE = http://downol.dr.dk/download/netradio/Rawflow.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.microsoft.com/download/0/5...b?1066240840421

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[Microsoft RDP Client Control (redist)]
InProcServer32 = C:\WINDOWS\DOWNLO~1\msrdp.ocx
CODEBASE = http://vs03-us.protier.com/SupportFiles/client/msrdp.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IENETO~1.OCX
CODEBASE = http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

[Secure Delivery]
CODEBASE = http://www.gamespot.com/KDX/kdx.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: avsda.dll (file MISSING)
Protocol #2: avsda.dll (file MISSING)
Protocol #16: avsda.dll (file MISSING)

--------------------------------------------------

Enumerating Windows NT/2000/XP services

AntiVir PersonalEdition Premium MailGuard: C:\Programmer\AntiVir PersonalEdition Premium\avmailc.exe (autostart)
AntiVir PersonalEdition Premium Guard: C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe (autostart)
Aspi32: System32\drivers\aspi32.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Startprogram til DCOM Serverproces: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP-klientprogram: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS-klient: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Hændelseslog: %SystemRoot%\system32\services.exe (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Arbejdsstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
Beskyttet lager: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
SAM (Security Accounts Manager): %SystemRoot%\system32\lsass.exe (autostart)
Opgavestyring: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Hardwaregenkendelse på brugergrænsefladen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tjenesten Systemgendannelse: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Temaer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8.979 bytes
Report generated in 0,125 seconds


#2 MFDnSC

Posted 24 January 2007 - 02:05 PM

95 secs is quick by some measures
=========================
Download http://www.cexx.org/lspfix.htm

Launch the LSP application, and click the "I know what I'm doing" checkbox.

Move nothing, just click Finish.
=============================
Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries.

Do a defrag after emptying the trash.
====================
Download Superantispyware

http://www.superantispyware.com/superantis...efreevspro.html

Install it and double-click the icon on your desktop to run it.

· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.

Edited by MFDnSC, 24 January 2007 - 02:06 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 JanSorensen

Posted 24 January 2007 - 08:17 PM

Thank you for taking the time to look at my logs. I have done as you suggested but unfortunately it had no effect on the time it takes to boot.
Do you know of a way to make a log with timestamps that covers the entire boot process - or as much as possible? /bootlog sadly lacks timestamps as far as I can tell.
Maybe this is just how long my machine is supposed to take but it seems fairly long considering how little I load.
Here are the logs though I doubt they contain any relevant information. The file casino.exe is actually one I compiled myself and not what the log claims it to be. I deleted it even so.

Logfile of HijackThis v1.99.1
Scan saved at 01:56:53, on 25-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmer\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Skrivebord\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PopupManager Class - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - C:\Programmer\Popup Manager\PopupMgr_1.0.1.5.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\LOM.ocx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmer\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://downol.dr.dk/download/netradio/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://vs03-us.protier.com/SupportFiles/client/msrdp.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmer\Fælles filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmer\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - AVIRA GmbH - C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programmer\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmer\Fælles filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Programmer\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe


StartupList report, 25-01-2007, 01:58:19
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Skrivebord\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe
C:\Programmer\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Skrivebord\HijackThis\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmer\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmer\Popup Manager\PopupMgr_1.0.1.5.dll - {08E74C67-99A6-45C7-94DA-A397A8FD8082}

--------------------------------------------------

Enumerating Download Program Files:

[Rawflow ICD Client]
InProcServer32 = C:\WINDOWS\DOWNLO~1\Rawflow.ocx
CODEBASE = http://downol.dr.dk/download/netradio/Rawflow.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwa...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

[ewidoOnlineScan Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL
CODEBASE = http://download.ewido.net/ewidoOnlineScan.cab

[MSSecurityAdvisor Class]
InProcServer32 = C:\WINDOWS\System32\mssecadv.dll
CODEBASE = http://download.microsoft.com/download/0/5...b?1066240840421

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

[Microsoft RDP Client Control (redist)]
InProcServer32 = C:\WINDOWS\DOWNLO~1\msrdp.ocx
CODEBASE = http://vs03-us.protier.com/SupportFiles/client/msrdp.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan/as5/asinst.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

[Get_ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\IENETO~1.OCX
CODEBASE = http://apps.corel.com/nos_dl_manager/plugi...NetOpPlugin.ocx

[Secure Delivery]
CODEBASE = http://www.gamespot.com/KDX/kdx.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

AntiVir PersonalEdition Premium MailGuard: C:\Programmer\AntiVir PersonalEdition Premium\avmailc.exe (autostart)
AntiVir PersonalEdition Premium Guard: C:\Programmer\AntiVir PersonalEdition Premium\avguard.exe (autostart)
Aspi32: System32\drivers\aspi32.sys (autostart)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Computerbrowser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Startprogram til DCOM Serverproces: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP-klientprogram: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
DNS-klient: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Hændelseslog: %SystemRoot%\system32\services.exe (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Arbejdsstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
O&O Defrag: C:\WINDOWS\system32\oodag.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
Beskyttet lager: %SystemRoot%\system32\lsass.exe (autostart)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
SAM (Security Accounts Manager): %SystemRoot%\system32\lsass.exe (autostart)
Opgavestyring: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Hardwaregenkendelse på brugergrænsefladen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Tjenesten Systemgendannelse: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Temaer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8.737 bytes
Report generated in 0,156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


SUPERAntiSpyware Scan Log
Generated 01/25/2007 at 01:48 AM

Application Version : 3.5.1016

Core Rules Database Version : 3171
Trace Rules Database Version: 1181

Scan type : Complete Scan
Total Scan Time : 01:27:28

Memory items scanned : 233
Memory threats detected : 0
Registry items scanned : 5690
Registry threats detected : 0
File items scanned : 121221
File threats detected : 160

Adware.Tracking Cookie
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@track.adform[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@bannere.fyens[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adopt.euroclick[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ads.cbox[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@cgi-bin[5].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@dk.winantivirus[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@statcounter[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@yadro[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@spylog[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@revenue[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@vacanceselect[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@bs.serving-sys[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@britembassy[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@mb[4].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@transmedia[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@888[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adbrite[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@www.sexnoveller[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@admarketplace[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@atwola[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@revsci[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@sexnoveller[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@e2.emediate[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@maxserving[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@cgi-bin[4].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adserver.banneradministration[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@mediavantage[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@as1.falkag[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@acvs.mediaonenetwork[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@winantivirus[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@www.winantivirus[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@sex-debat[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@perf.overture[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@metacafe.122.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@clickbank[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ad.ifrance[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adserver.71i[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@pcstats[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@cz3.clickzs[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1063703289[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@cgi-bin[7].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@singlesex[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@webstat[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@server.iad.liveperson[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@38492175[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@mb[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@msnaccountservices.112.2o7[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@realmedia[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ad1.emediate[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@webpower[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@web-stat[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adserver.filefront[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ads.as4x.tmcs[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@tacoda[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ads.dailyrush[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@kanoodle[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@heavycom.122.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@edge.ru4[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@budgetcarhire.112.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adserver[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@offers.intermediainteractive[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@data2.perf.overture[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@http.edge.vru4[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@globalstat[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@msnportal.112.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@overture[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@34292599[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1072661277[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@microsofteup.112.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@tribalfusion[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ads[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@a[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@www.short-media[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adrevolver[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@apmebf[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1068243107[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@c.goclick[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@mediaplex[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@gostats[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@adbrite.122.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@www.nabosex[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@anad.tacoda[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1068906080[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@hitbox[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ehg-dig.hitbox[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ehg-oreilly.hitbox[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@burstnet[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@bizrate[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1070831707[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@tracking.notabenestats[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@www.etracker[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@clickauditor[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@fastclick[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@partypoker[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@advertising[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@keywordmax[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@ljohnstone.freestats[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@sexstoriespost[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@centrebet.advertserve[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@yieldmanager[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@psyke-sex[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1072556060[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@partygaming.122.2o7[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@interclick[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@stats[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1067824383[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@stat.onestat[2].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@doubleclick[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@1070431054[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@m1.webstats4u[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@mb[3].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@atdmt[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@reduxads.valuead[1].txt
C:\Documents and Settings\Jan Sørensen.JAN-QJHFA1LK9XV\Cookies\jan sørensen@toplist_demo[2].txt

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAMMER\BORLAND\CASINO.EXE

#4 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 24 January 2007 - 08:45 PM

IE - Block Third party cookies
1. Click on the Tools button on the Internet Explorer tool bar.
2. Highlight and click on Internet options at the bottom of the Tools menu.
3. Select the Privacy Tab of the Internet Options menu.
4. Select the Advanced... button at the bottom of the screen.
5. Select the "Override automatic cookie handling" button.
6. To block third-party cookies, select Block under "Third-party cookies".
7. Select "always allow session cookies".
8. Click on the OK button at the bottom of the screen.
================

Did you run Easy Cleaner?

=========

Log is fine - I doubt you have a real problem - how much memory do you have?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#5 JanSorensen

JanSorensen
  • Topic Starter


Posted 25 January 2007 - 03:33 AM

Yes, I ran Easy Cleaner.
I have 2 GB RAM and a 2.6Mhz Pentium.

As you say, I probably don't have a real problem.
Do you know of a way to get a log with timestamps from the boot process though?

#6 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 25 January 2007 - 10:15 AM

Google boot log

This one has a free trial

http://greatis.com/utilities/bootlogxp/
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#7 YounGun

YounGun

    The malware-fighting kid



Posted 01 February 2007 - 03:44 PM

Heya :thumbsup:

I'll be helping you from now on.

I would like to see if any other startups are involved. To do this, I need to see another type of log please. Go here and download Silent Runners.vbs to a new folder on your Desktop (clicking the download link works if you use IE. If you use Firefox, right-click on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (make sure you wait for the popups please). Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.

If you are not familiar with Silent Runners, see the tutorial here for more help.



