xp pro defrag help

andygaskell · #1 April 27th, 2004, 01:56 PM

hi i run the pc pitstop test and it tells me to gefrag so i did and run the test again and it says to do a defrag as soon as possible as i have just done one i have avg anyivirus and quick test keeps finding boot sector virus but when i look at the logs it says no virus could these problems be caused by a virus

thanks for any help

dammit · #2 April 27th, 2004, 02:25 PM

Hi buddy...yes they could...Download 'Hijack This!'create a new folder and put hijack into it Unzip, doubleclick HijackThis.exe, Check for updates first by clicking the config then tools buttons. and hit "Scan".
When the scan is finished, click "Save Log", and copy and paste it in a reply.
http://mjc1.com/files/merijn/HijackThis.exe It will show what's running on your computer...Don't make any changes until
someone checks it out.

Also Open up AVG>test results click on the last scan that has the problem> and then "write to file"
It should then produce a log which you can copy and post in here.

andygaskell · #3 April 27th, 2004, 06:47 PM

hi thanks for the reply here are my logs

Logfile of HijackThis v1.97.7
Scan saved at 18:42:43, on 27/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\csrss.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btbroadbandstart.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...rector7/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...027.6115740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1670FED-0687-47D6-8E3B-A6E9473579E4}: NameServer = 194.72.9.34 194.74.65.68

Partition table (MBR)okQuick checkedBoot sector of disk C:ChangeChangedSystem registry Software\Microsoft\Windows NT\CurrentVersion\Windows\LoadScannedSystem registry Software\Microsoft\Windows NT\CurrentVersion\Windows\RunScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunOnceScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunOnceE xScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunServi cesScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunServi cesOnceScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunOnceScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunOnceE xScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunServi cesScannedSystem registry Software\Microsoft\Windows\CurrentVersion\RunServi cesOnceScannedSystem registry Software\Microsoft\Windows\CurrentVersion\Winlogon \UserinitScannedSystem registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ShellScannedSystem registry exefile\shell\open\commandScannedSystem registry scrfile\shell\open\commandScannedSystem registry scrfile\shell\config\commandScannedSystem registry batfile\shell\open\commandScannedSystem registry cmdfile\shell\open\commandScannedSystem registry comfile\shell\open\commandScannedSystem registry piffile\shell\open\commandScannedSystem registry giffile\shell\open\commandScannedSystem registry htmlfile\shell\open\commandScannedSystem registry htafile\shell\open\commandScannedSystem registry jpegfile\shell\open\commandScannedSystem registry txtfile\shell\open\commandScannedSystem registry regfile\shell\open\commandScannedSystem registry Word.Document.8\shell\open\commandScannedSystem registry WordPad.Document.1\shell\open\commandScannedC:\PROGRA~1\Grisoft\AVG7\avgcc.exeokQuick checkedC:\PROGRA~1\Grisoft\AVG7\avgemc.exeokQuick checkedC:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXEokQuick checkedC:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exeokQuick checkedC:\Program Files\Creative\Splash Screen\CTEaxSpl.EXEokQuick checkedC:\Program Files\Internet Explorer\iexplore.exeokQuick checkedC:\Program Files\MSN Messenger\MsnMsgr.ExeokQuick checkedC:\Program Files\Microsoft Office\Office\WINWORD.EXEokQuick checkedC:\Program Files\QuickTime\qttask.exeokQuick checkedC:\Program Files\Real\RealPlayer\RealPlay.exeokQuick checkedC:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exeokQuick checkedC:\WINDOWS\System32\CTHELPER.EXEokQuick checkedC:\WINDOWS\System32\RUNDLL32.EXEokQuick checkedC:\WINDOWS\System32\ctfmon.exeokQuick checkedC:\WINDOWS\System32\dslagent.exeokQuick checkedC:\WINDOWS\System32\gsicon.exeokQuick checkedC:\WINDOWS\System32\mshta.exeokQuick checkedC:\WINDOWS\System32\nwiz.exeokQuick checkedC:\WINDOWS\System32\rundll32.exeokQuick checkedC:\WINDOWS\csrss.exeokQuick checkedC:\WINDOWS\system32\NeroCheck.exeokQuick checkedC:\IO.SYSokQuick checkedC:\MSDOS.SYSokQuick checkedC:\WINDOWS\System32\kernel32.dllokQuick checkedC:\WINDOWS\System32\wsock32.dllokQuick checkedC:\WINDOWS\System32\user32.dllokQuick checkedC:\WINDOWS\System32\shell32.dllokQuick checkedC:\WINDOWS\System32\ntoskrnl.exeokQuick checked
when i click info on boot sector of c: it just says boot sector of c: changed and sometimes when i do another quick test it wont be there but if i do another it will be back i have done a complete test and that finds nothing

dammit · #4 April 27th, 2004, 07:07 PM

Back to the drawing board...your logs are clean!

Have you tried an online scan..maybe with PANDA?

andygaskell · #5 April 27th, 2004, 10:37 PM

hi tried panda and nothing also tried tried another cant remember which one but that found nothing aswell do you think i should click keep or change when avg finds another as long as it doesnt mess my comp up i wont be botherd but i dont want to do nothing just in case it does oh yes does it mean that avg has fixed the problem in my boot sector or should i use a different antivirus software because it keeps coming back
(formating is an option but i dont know if it will sort the problem out)
also when i do a defrag and it says complete and pc pitstop tells me to do one asap any suggestions
thanks for your time
andy

dammit · #6 April 28th, 2004, 12:36 AM

Hi again...after further advice Close all open windows...run hijack again and put a check in the boxes for the below entries..then hit "fix checked"

O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe

Reboot into safe mode..make sure you can view hidden files .... Go to start>search>files and folders and run a search for and delete the following files and/or folders when/if found.
Also ctrl>alt>del to bring up task manager..and end process on the below if running.
csrss.exe

If you can get hold of a copy of norton disk....2002/3/4 try booting with it..it might just sort the boot virus prob.

Meangean · #7 April 28th, 2004, 12:47 AM

go to start button go to run and type in msconfig and go to start up tab and take pics of what is starting up at start up

and upload em at imageshack.us

and post em here
plz

**AnnMarie** · #8 April 28th, 2004, 12:49 AM

Meangean, there is no need for Andy to do that. We can see all his startups in his log.

andygaskell · #9 April 28th, 2004, 01:27 AM

hi thanks again for your help i fixed checked rebooted in safe mode csrss.exe is there but i cant delete it and i cant delete the process either it says this is a critical system process and task manager cannot end this process
please can you tell me what it is and if it can/should be removed as i am getting mixed up by the things im reading on google search

dammit · #10 April 28th, 2004, 11:31 AM

Hi again..yeah I know it is a little confusing....the one you need to get rid of is C:\Windows\csrss.exe

Forget a general search and delete and just navigate to the above. It is a critical file...but only when run from the correct location. Spyware writers use the same names or very similar sometimes to confuse anyone trying to get rid of the crap...It's a good job windows warns when critical files are attempted to be deleted.

andygaskell · #11 April 28th, 2004, 01:36 PM

hi again the only one i can find is csrss

description:winpatch 1.5
company:StarMicrpSdn.
file version:3.0.0.0
date created:24/4/2004 20:57
size 106kb

is this the one i need to delete

and was that 04 - HKLM\..\RUN:[csrss] C:\WINDOWS\csrss.exe that i fixchecked with hijack this the right thing to do or do i have to restore it or something

thanks again for your time

dammit · #12 April 28th, 2004, 02:44 PM

Looking at the date created....yep. And I would run hijack again...that 04 entry is probably back,,,fix it again if it is.

andygaskell · #13 April 28th, 2004, 05:07 PM

hi in taskmanager ive got 2 csrss.exe processes running

csrss.exe andy&nicola
csrss.exe system

should i end 1 or both of them and then try to delete csrss from c:windows then run hijackthis

dammit · #14 April 28th, 2004, 05:19 PM

I would run hijack again...delete the 04 entry....reboot..and then check processes again.See if they are both still running...those 2 are likely to be ok though.

andygaskell · #15 April 28th, 2004, 05:34 PM

hi right i couldnt end either process i deleted c:windows\csrss.exe rebooted and guess what ive only got 1 process running csrrs.exe system in task manager and its back in my hijackthis log

Logfile of HijackThis v1.97.7
Scan saved at 17:29:33, on 28/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe
C:\WINDOWS\System32\gsicon.exe
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC 2.EXE
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.btbroadbandstart.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SAITEKAUTOCONFIGURE] C:\Program Files\Saitek\Saitek Gaming Extensions\saicnfig.exe /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 2.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...rector7/sw.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/soft...ch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...027.6115740741
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

hope i aint done something wrong the above done in safe mode before reboot and hijackthis after reboot