Since yesterday my Windows XP has been acting up. It mostly has to do with my cursor. Like when I just click once on right mouse it often acts like a double click (opening files, executing things etc). Or I would just highlight a file with right mouse click and then it acts like I want to drag the file somewhere. Or I dont get much reaction from my clicks at all, like I have to click on the X extra hard, three times or so until a window closes. Or the scrolling doesnt properly work, whether in a browser, explorer or task window. This is all driving me nuts!
I figure this could be my mouse driver being corrupt or something but Im also suspecting its a virus because ever since this behavior my full version MalwareBytes keeps blocking IP addresses, reporting "malicious IPs". On the other hand, my PeerGuardian wasn't blocking ANY IPs no more, the windows just kept being blank. But strangely enough when I do all types of scan with MB, plus a combofix run nothing is found! Yet I sit here restarting my computer over and over again just to be faced with the same odd problem. I also ran HijackThis log and couldnt find anything suspicious. CCleaner didn't improve anything either (though it removed quite a chunk). Ive cleaned all my temp files, browser cookies and histories but still, the problem persists. At least I dont seem to be getting those IP "attacks" anymore and PeerGuardian is working fine again too. Could it be just my mouse? crazy.gif
Here are my logs, please tell me if you can find anything that might be causing this. Thanks!
MB Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4785
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
09.10.2010 17:02:42
mbam-log-2010-10-09 (17-02-42).txt
Scan type: Full scan (D:\|)
Objects scanned: 201432
Time elapsed: 47 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MB Protection Log:
15:51:45 Dennis IP-BLOCK 222.65.243.157
15:52:20 Dennis IP-BLOCK 218.9.97.145
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
16:04:48 Dennis MESSAGE IP Protection stopped
16:06:25 Dennis MESSAGE Database updated successfully
16:06:30 Dennis MESSAGE IP Protection started successfully
16:07:59 Dennis IP-BLOCK 218.7.195.139
16:10:57 Dennis IP-BLOCK 218.7.195.139
16:13:11 Dennis IP-BLOCK 121.13.127.182
16:13:55 Dennis IP-BLOCK 58.240.39.117
16:19:54 Dennis IP-BLOCK 218.7.195.139
16:23:00 Dennis IP-BLOCK 218.7.195.139
16:28:56 Dennis IP-BLOCK 218.7.195.139
16:31:51 Dennis IP-BLOCK 218.7.195.139
16:34:03 Dennis IP-BLOCK 222.69.5.139
16:34:56 Dennis IP-BLOCK 218.7.195.139
16:37:08 Dennis IP-BLOCK 222.69.14.199
16:37:14 Dennis IP-BLOCK 202.103.221.15
16:46:55 Dennis IP-BLOCK 222.69.214.231
16:46:58 Dennis IP-BLOCK 58.240.212.92
16:52:35 Dennis IP-BLOCK 121.8.235.67
17:02:43 Dennis IP-BLOCK 58.240.244.20
17:09:34 (null) IP-BLOCK 121.8.153.6
17:11:38 Dennis MESSAGE Protection started successfully
17:11:43 Dennis MESSAGE IP Protection started successfully
17:50:26 Dennis MESSAGE Protection started successfully
17:50:42 Dennis MESSAGE IP Protection started successfully
18:37:56 Dennis MESSAGE Protection started successfully
18:38:01 Dennis MESSAGE IP Protection started successfully
20:09:41 Dennis MESSAGE Protection started successfully
20:09:45 Dennis MESSAGE IP Protection started successfully
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:01, on 09.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Programme\PeerGuardian2\pg2.exe
D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\Winamp\winamp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\NOTEPAD.EXE
F:\Temp\TrendMicro\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [PeerGuardian] D:\Programme\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5711 bytes
I figure this could be my mouse driver being corrupt or something but Im also suspecting its a virus because ever since this behavior my full version MalwareBytes keeps blocking IP addresses, reporting "malicious IPs". On the other hand, my PeerGuardian wasn't blocking ANY IPs no more, the windows just kept being blank. But strangely enough when I do all types of scan with MB, plus a combofix run nothing is found! Yet I sit here restarting my computer over and over again just to be faced with the same odd problem. I also ran HijackThis log and couldnt find anything suspicious. CCleaner didn't improve anything either (though it removed quite a chunk). Ive cleaned all my temp files, browser cookies and histories but still, the problem persists. At least I dont seem to be getting those IP "attacks" anymore and PeerGuardian is working fine again too. Could it be just my mouse? crazy.gif
Here are my logs, please tell me if you can find anything that might be causing this. Thanks!
MB Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4785
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
09.10.2010 17:02:42
mbam-log-2010-10-09 (17-02-42).txt
Scan type: Full scan (D:\|)
Objects scanned: 201432
Time elapsed: 47 minute(s), 41 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
MB Protection Log:
15:51:45 Dennis IP-BLOCK 222.65.243.157
15:52:20 Dennis IP-BLOCK 218.9.97.145
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
15:54:12 Dennis IP-BLOCK 222.69.5.139
16:04:48 Dennis MESSAGE IP Protection stopped
16:06:25 Dennis MESSAGE Database updated successfully
16:06:30 Dennis MESSAGE IP Protection started successfully
16:07:59 Dennis IP-BLOCK 218.7.195.139
16:10:57 Dennis IP-BLOCK 218.7.195.139
16:13:11 Dennis IP-BLOCK 121.13.127.182
16:13:55 Dennis IP-BLOCK 58.240.39.117
16:19:54 Dennis IP-BLOCK 218.7.195.139
16:23:00 Dennis IP-BLOCK 218.7.195.139
16:28:56 Dennis IP-BLOCK 218.7.195.139
16:31:51 Dennis IP-BLOCK 218.7.195.139
16:34:03 Dennis IP-BLOCK 222.69.5.139
16:34:56 Dennis IP-BLOCK 218.7.195.139
16:37:08 Dennis IP-BLOCK 222.69.14.199
16:37:14 Dennis IP-BLOCK 202.103.221.15
16:46:55 Dennis IP-BLOCK 222.69.214.231
16:46:58 Dennis IP-BLOCK 58.240.212.92
16:52:35 Dennis IP-BLOCK 121.8.235.67
17:02:43 Dennis IP-BLOCK 58.240.244.20
17:09:34 (null) IP-BLOCK 121.8.153.6
17:11:38 Dennis MESSAGE Protection started successfully
17:11:43 Dennis MESSAGE IP Protection started successfully
17:50:26 Dennis MESSAGE Protection started successfully
17:50:42 Dennis MESSAGE IP Protection started successfully
18:37:56 Dennis MESSAGE Protection started successfully
18:38:01 Dennis MESSAGE IP Protection started successfully
20:09:41 Dennis MESSAGE Protection started successfully
20:09:45 Dennis MESSAGE IP Protection started successfully
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:01, on 09.10.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\svchost.exe
D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Programme\PeerGuardian2\pg2.exe
D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Programme\Winamp\winamp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\NOTEPAD.EXE
F:\Temp\TrendMicro\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [PeerGuardian] D:\Programme\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RoboForm Toolbar - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programme\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programme\AVG\AVG8\avgpp.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - Invalid registry found
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
--
End of file - 5711 bytes