Queer Request for assistance plz



energizer13
2007-03-02, 16:07
Hi,

i would like to seek your help in dealing with something which is overwriting (or colliding) the nProtectGameguard of the game Maplestory. (this looks and sounds childish even as i'm typing it, hence forgive me. :red: )

Also cause i need to know if ipwins.exe is 'bad' for my PC and if so, assistance in the removal of it.

And hopefully a set of instructions or a guide to do a complete clean up of all the other possible crap in my PC. (other than reformatting, provided it truly is the only way to solve the problems stated above.)

Any possible help is MUCH appreciated.
Thank You.

shelf life
2007-03-03, 04:11
hi energizer13,


help in dealing with something which is overwriting(or colliding) the nProtectGameguard of the game Maplestory

a google search tells me this is an anticheating, debugging or reverse engineering (cracking) protection app. must come bundled with the game. is rootkit like in nature, installs its own driver, doesn't sound like anything i would want on my computer


if ipwins.exe is 'bad' for my PC

do you enjoy popups?


a set of instructions or a guide to do a complete clean up
lets start with this:

* Downloads:
* Please make sure you have the latest version. HJT 1.99.1
* http://www.downloads.subratam.org/hijackthis.zip
* If you are unfamiliar with zip programs get HijackThis.exe here:
* http://www.merijn.org/files/HijackThis.exe

* First put hijackthis into a permanent folder.
* Do this first - go to C: and create a new permanent folder.
Example C:\AntiSpyWare or C:\hijackthis
* This is necessary to ensure you have backups should anything go wrong.
* Then put (or download - choose "save" not "run") the hijackthis.exe file in this folder.
If you downloaded a zipped HJT file unzip it to the permanent folder so you have C:\hijackthis\hijackthis.exe.
* Example of the wrong way:
C:\DOCUME~1\Name\LOCALS~1\Temp\Temporary Directory for hijackthis.zip\HijackThis.exe
* Running hjt from the wrong folder may delay assistance as your helper will have to ask for a new log.

If in doubt use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.

* Double click HijackThis.exe.
* Hit None Of The Above, just start the program.
* Hit Scan.
* When the scan is finished, the "Scan" button will change into a "Save Log" button.
* Click that, save the log somewhere, and copy/paste in this thread
The HJT log

shelf life

energizer13
2007-03-03, 07:34
Many thks for replying. Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 2:32:24 PM, on 3/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aztech WL635USB Wireless B+G\tiwlnsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\Twain_32\V-Gear TalkCam Tracer CCD\SnapTrap.exe
C:\Program Files\V-Gear LiveShow\LiveShow.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
C:\Program Files\PLANEX\GWUS54Mini\WLAN_GW-US54Mini.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BitLord\BitLord.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38880~1\Bar888.dll (file missing)
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38880~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\V-Gear TalkCam Tracer CCD\SnapTrap.exe
O4 - HKLM\..\Run: [V-Gear LiveShow] "C:\Program Files\V-Gear LiveShow\LiveShow.exe" -m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = D:\bia\Support\Register\RegistrationReminder.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: Aztech WL635USB Wireless B+G Utility.lnk = C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PLANEX GW-US54Mini Utility.lnk = C:\Program Files\PLANEX\GWUS54Mini\WLAN_GW-US54Mini.exe
O4 - Global Startup: SATARaid.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZU
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102851877071
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Aztech WL635USB Wireless B+G\tiwlnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2007-03-03, 13:19
hi energizer13,

log doesn't look bad. let's use avg antimalware to see what it can dig up:

http://www.ewido.net/en/download/

This is a 30 day trial of the program

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
2. Once the setup is complete you will need to run ewido and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
* Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system.

Please post the AVG log in next reply.

if there are a lot of cookies you can edit them out to keep it short.

shelf life

energizer13
2007-03-03, 14:55
Just curious, 'a google search tells me this is an anticheating, debugging or reverse engineering (cracking) protection app. must come bundled with the game. is rootkit like in nature, installs its own driver, doesn't sound like anything i would want on my computer' i dun quite understand this. i'm not quite computer literate.

And here is the AVG Anti-Spyware - Scan Report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:51:24 PM 3/3/2007

+ Scan result:



C:\Program Files\Ipwindows\ipwins.dll -> Adware.Maxifiles : Cleaned.
C:\RECYCLER\S-1-5-18\Dc1\Update.exe -> Downloader.Agent : Cleaned.
C:\RECYCLER\S-1-5-18\Dc2\Update.exe -> Downloader.Agent : Cleaned.
C:\RECYCLER\S-1-5-18\Dc3\Update.exe -> Downloader.Agent : Cleaned.
C:\Documents and Settings\Court Jester\My Documents\My Received Files\XTrap.rar/XTrap.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Court Jester\Local Settings\Temp\Cookies\court jester@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Court Jester\Local Settings\Temp\Cookies\court jester@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Court Jester\Local Settings\Temp\Cookies\court jester@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Court Jester\Local Settings\Temp\Cookies\court jester@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.12:C:\Documents and Settings\Bearcat\Application Data\Mozilla\Firefox\Profiles\lxqg1ys1.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.13:C:\Documents and Settings\Bearcat\Application Data\Mozilla\Firefox\Profiles\lxqg1ys1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.14:C:\Documents and Settings\Bearcat\Application Data\Mozilla\Firefox\Profiles\lxqg1ys1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.11:C:\Documents and Settings\Bearcat\Application Data\Mozilla\Firefox\Profiles\lxqg1ys1.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@gator[1].txt -> TrackingCookie.Gator : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Court Jester\Local Settings\Temp\Cookies\court jester@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Court Jester\Local Settings\Temp\Cookies\court jester@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.42:C:\Documents and Settings\Bearcat\Application Data\Mozilla\Firefox\Profiles\lxqg1ys1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Bearcat\Cookies\bearcat@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.64:C:\Documents and Settings\Court Jester\Application Data\Mozilla\Firefox\Profiles\qptwzc4p.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.65:C:\Documents and Settings\Court Jester\Application Data\Mozilla\Firefox\Profiles\qptwzc4p.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Court Jester\Cookies\court jester@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.68:C:\Documents and Settings\Court Jester\Application Data\Mozilla\Firefox\Profiles\qptwzc4p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Court Jester\Application Data\Mozilla\Firefox\Profiles\qptwzc4p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Court Jester\Application Data\Mozilla\Firefox\Profiles\qptwzc4p.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

shelf life
2007-03-03, 19:06
hi energizer13,

good, avg took care of ipwins.dll. not a bad report, mostly cookies which are pretty much harmless


Just curious, 'a google search tells me this is an anticheating, debugging or reverse engineering (cracking) protection app. must come bundled with the game. is rootkit like in nature, installs its own driver, doesn't sound like anything i would want on my computer' i dun quite understand this. i'm not quite computer literate.


it came bundled with the game, i would think it's so people can't use hacks with the game. it also protects the game from cracking.

cracking is using available apps to defeat nag screens, time limited software or to figure out the built in algorithm that generates the license key, so you can make your own of course and have free use of the software.
It is not an automated process and requires some knowledge from the user. Since the code is displayed at the CPU level some knowledge of assembly language is helpful along with a good hex editor.
some protection schemes are quite easy to crack/patch.

apparently it's bundled with a lot of games. rootkit like means that it can hide from detection and modify window processes, kind of like hangs around in the background. the most famous is the sony rootkit that was bundled with certain CDs

the game makers are trying to protect their software, that's all. everyone's a criminal/cheater in their view, hence the bundled extra with the game

most likely some of what it does was explained in the EULA before the software installed, most people don't read the EULA though.

do a search for nProtectGameguard, never mind, here's a good link about it:
http://www.answers.com/topic/gameguard

shelf life

energizer13
2007-03-04, 11:58
Hi shelf life,

Your firewall video and the nProtect Gameguard link was most enlightening. (:
Juz 1 last question, based on those few logs above, are you able to identify the reason as to which program the nProtect Gameguard is colliding with.

Energizer13.

P.S. my firewall is not the 1 stated in link you gave so it's not the firewall.
i think . >.>

shelf life
2007-03-04, 14:09
hi energizer13,

glad you enjoyed the movie.


are you able to identify the reason as to which program the nProtect Gameguard is colliding with

can't tell, that gameguard is so intrusive there's no telling. just a guess, maybe ProcessGuard? if PG is active i am sure gameguard would drive it totally nuts!
---------------------------------------
your hjt log:
scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38880~1\Bar888.dll (file missing)

O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38880~1\Bar888.dll (file missing)

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...rch.jhtml?p=ZU

also look in add/remove programs panel and uninstall if present
MyWebSearch
---------------------------------------
reboot once and rescan and post a new hjt log please.

shelf life
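
The selection made in the post above, sketched as an added example (it is not part of the thread and not HijackThis's own logic): it parses HijackThis 1.99.1 entry lines, groups orphaned O2/O3 browser add-ons by CLSID, and separates "(file missing)" entries that the same log's process list contradicts. The function names and the substring cross-check are assumptions of this example; the sample lines are copied from the log posted earlier in the thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread, trimmed to a few entries.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38880~1\Bar888.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{38880~1\Bar888.dll (file missing)
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_block = True
        elif in_block:
            if not line:          # a blank line ends the process block
                break
            procs.append(line.lower())
    return procs


def parse_entries(log_text):
    """Split each 'O2 - ...' style line into section code, body, CLSID and orphan flag."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def triage(log_text):
    """Sort orphaned entries into add-ons to clean up, contradicted flags, and manual checks."""
    procs = running_processes(log_text)
    addons, contradicted, manual = {}, [], []
    for e in parse_entries(log_text):
        if not e["orphaned"]:
            continue
        if e["code"] in ("O2", "O3") and e["clsid"]:
            # Same CLSID registered as BHO and toolbar: one leftover, two registry entries.
            addons.setdefault(e["clsid"], []).append(e["code"])
        elif any(p in e["body"].lower() for p in procs):
            # Flagged as missing, yet the same path is listed as a running process.
            contradicted.append(e["body"])
        else:
            manual.append(e["body"])
    return {"orphaned_addons": addons, "contradicted": contradicted, "manual": manual}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```

The O8 MyWebSearch context-menu entry picked in the post is not an orphan and would need a separate match on the vendor name.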

energizer13
2007-03-04, 15:13
Hi,

i thought about it and pulled PG out of the C:\WINDOWS\system32\drivers and now nProtect GameGuards runs. Guess your guess was spot on. But was this a wise move?

And here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 10:05:05 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Aztech WL635USB Wireless B+G\tiwlnsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\WINDOWS\Twain_32\V-Gear TalkCam Tracer CCD\SnapTrap.exe
C:\Program Files\V-Gear LiveShow\LiveShow.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
C:\Program Files\PLANEX\GWUS54Mini\WLAN_GW-US54Mini.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\V-Gear TalkCam Tracer CCD\SnapTrap.exe
O4 - HKLM\..\Run: [V-Gear LiveShow] "C:\Program Files\V-Gear LiveShow\LiveShow.exe" -m
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe"
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Registration Brothers In Arms.LNK = D:\bia\Support\Register\RegistrationReminder.exe
O4 - Startup: services.lnk = ?
O4 - Global Startup: Aztech WL635USB Wireless B+G Utility.lnk = C:\Program Files\Aztech WL635USB Wireless B+G\TIWLANCu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PLANEX GW-US54Mini Utility.lnk = C:\Program Files\PLANEX\GWUS54Mini\WLAN_GW-US54Mini.exe
O4 - Global Startup: SATARaid.lnk = ?
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102851877071
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - http://download.netmarble.com/kdefence/kdfense8237.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.gamengame.com/KALogoutComponent.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: DiamondCS ProcessGuard Service v3.410 (DCSPGSRV) - Unknown owner - C:\Program Files\ProcessGuard\dcsuserprot.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Aztech WL635USB Wireless B+G\tiwlnsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

shelf life
2007-03-04, 19:32
hi energizer13,


i thought about it and pulled PG out of the C:\WINDOWS\system32\drivers and now nProtect GameGuards runs. Guess your guess was spot on. But was this a wise move?

Processguard is an excellent security tool and it's very possible to have a "secure" computer without using it.

what bothers me is that gameguard is so intrusive, won't run with processguard? or kerio firewall? has all kinds of control over other window processes?

something that's so intrusive might cause other security problems (not intentionally) that could be exploited.

i would never have such an app with so much control (and out of my control) on my computer, but that's just my own personal feeling.

was it a wise move? if you enjoy playing the game then i guess it was.

shelf life

energizer13
2007-03-05, 16:11
Hi,

thx for your most useful opinion. my intention was to know that i am able to play the game. Not to play the game. but what you're saying is quite informative. it's not good to have such an intrusive program running. i never knew that this program could be so intrusive.

I guess this marks the end of this thread i suppose. the only problem left on my computer is something i doubt you can do very much. my lcd screen has these lines which move that appear every once in a while. does not hinder me too much. just annoys me that's all.

I shall not disturb you with these trivial things. So, a very very big thank you for helping me with making my computer 'better' (more usable and safer) :bigthumb:

Kudos to you.

shelf life
2007-03-05, 23:21
hi energizer13,

now i see what you were asking (i think) the game should play fine without PG that is. gameguard must see pg as a threat ie a "hack" messing with its own intrusive processes!

you said you removed something from PG out of the system32 dir? if you didn't delete it i would move it back, then just run the PG uninstaller from the add/remove programs panel. if you deleted it run the uninstaller anyway and i don't think it will choke with the missing file.


lcd screen has this lines

have you poked around in the display settings, maybe change the monitor's refresh rate. right click on desktop>properties the display properties window will open>under the settings tab click on the advanced tab, then monitor tab to change refresh rate
back at the main screen you might try changing your monitor's screen resolution by using the slider.

shelf life

energizer13
2007-03-08, 11:54
Hi,

Sorry for taking so long to reply. I defaulted the lcd's settings and the lines appear less often. I also used the expected resolution for this lcd screen. Ah well. Nothing's perfect. But thx for all you've done.

So.. this b the end of this thread. It's been nice knowing you. Bye.

Till my nxt problem we meet again i hope. Then again, hopefully i nvr will get a computer problem again. haha. guess that's a bit too much to ask for. :)

shelf life
2007-03-08, 23:04
hi energizer13,

nice to know you too. if you have more troubles look me up.
you might visit your monitor's website for any FAQ/troubleshooting sections

happy safe surfing.

shelf life