Webmaster Forum Webmaster discussion on numerous topics including Website design, programming, scripting, hosting, server administration, search engines, and operating systems http://www.ozzu.com Sat, 04 Jul 2009 04:08:02 -0700 rohan4290 Fri, 03 Jul 2009 17:47:05 -0700 http://www.ozzu.com/mswindows-forum/internet-explorer-closes-autmoatically-and-comp-loads-slow-t98742.html http://www.ozzu.com/mswindows-forum/internet-explorer-closes-autmoatically-and-comp-loads-slow-t98742.html Internet Explorer closes autmoatically and Comp loads slow Scan saved at 8:27:54 PM, on 7/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesCommon FilesMicrosoft SharedInkKeyboardSurrogate.exe
C:WINDOWSSYSTEM32WISPTIS.EXE
C:WINDOWSSystem32tabbtnu.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32ctfmon.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesSymantec SharedccProxy.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:Program FilesSymantec Client SecuritySymantec Client FirewallISSVC.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesMicrosoft SharedInkTCServer.exe
C:Program FilesLavasoftAd-Awareaawservice.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
C:Program FilesSymantec Client SecuritySymantec AntiVirusDefWatch.exe
C:Program FilesIntelIntel Matrix Storage Manageriaantmon.exe
C:WINDOWSsystem32libusbd-nt.exe
C:Program FilesLinksysLinksys UpdaterbinLinksysUpdater.exe
C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
C:Program FilesIntelWirelessBinRegSrvc.exe
C:WINDOWSsystem32java.exe
C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantec Client SecuritySymantec Client FirewallSymSPort.exe
C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
C:WINDOWSSystem32alg.exe
C:Program FilesCommon FilesMicrosoft SharedInkTabTip.exe
C:Program FilesSynapticsSynTPSynTPLpr.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
C:Program FilesMotorolaSMSERIALsm56hlpr.exe
C:Program FilesCyberLinkPowerDVDPDVDServ.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:WINDOWSsystem32igfxsrvc.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:PROGRA~1SYMANT~1SYMANT~2VPTray.exe
C:Program FilesIntelWirelessbinZCfgSvc.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesJavajre1.6.0_07binjusched.exe
C:Program FilesComcastDesktop Doctorbinsprtcmd.exe
C:WINDOWSstsystra.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesIntelWirelessBinDot1XCfg.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:Program FilesSpyware DoctorpctsTray.exe
C:Documents and SettingsAdministratorDesktopHijackHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.cnn.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://www.metacrawler.com/crawler?general=%s
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = :0
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:Program FilesAIM Toolbaraimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 inetavirus.com
O1 - Hosts: 94.232.248.66 http://www.inetavirus.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:Program FilesAIM Toolbaraimtb.dll
O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:WINDOWSsystem32iehelper.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:PROGRA~1Yahoo!CompanionInstallscpnyt.dll
O3 - Toolbar: WikiSearch - {44E7EF6C-6F5C-4AAF-A080-7725A27878ED} - C:PROGRA~1WIKISE~1WIKIPE~1.DLL
O3 - Toolbar: YouTube Toolbar - {B63D81CF-90DC-4d13-8782-9524A2752039} - C:Program FilesYouTube ToolbarDCCFBF5.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:Program FilesAIM Toolbaraimtb.dll
O4 - HKLM..Run: [TabletTip] "C:Program FilesCommon Filesmicrosoft sharedinktabtip.exe" /resume
O4 - HKLM..Run: [Snippet] "C:Program FilesMicrosoft Experience PackSnipping ToolSnippingTool.exe" /i
O4 - HKLM..Run: [SynTPLpr] C:Program FilesSynapticsSynTPSynTPLpr.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [Recguard] %WINDIR%SMINSTRECGUARD.EXE
O4 - HKLM..Run: [IAAnotif] C:Program FilesIntelIntel Matrix Storage Manageriaanotif.exe
O4 - HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 - HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 - HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [vptray] C:PROGRA~1SYMANT~1SYMANT~2VPTray.exe
O4 - HKLM..Run: [IntelZeroConfig] "C:Program FilesIntelWirelessbinZCfgSvc.exe"
O4 - HKLM..Run: [IntelWireless] "C:Program FilesIntelWirelessBinifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre1.6.0_07binjusched.exe"
O4 - HKLM..Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM..Run: [net] "C:WINDOWSsystem32net.net"
O4 - HKLM..Run: [MSConfig] C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKLM..Run: [ISTray] "C:Program FilesSpyware DoctorpctsTray.exe"
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O4 - HKCU..Run: [net] "C:WINDOWSsystem32net.net"
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:Program FilesMicrosoft OfficeOFFICE11ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &AIM Toolbar Search - C:Documents and SettingsAll UsersApplication DataAIM ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Find on Wikipedia... - C:Program FilesWikiSearch Toolbarcm.html
O8 - Extra context menu item: Send To &Bluetooth - C:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra Tools menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:Program FilesAIM Toolbaraimtb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra Tools menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra Tools menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra Tools menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:program filesjuniper networkssecure application managersamnsp.dll
O10 - Unknown file in Winsock LSP: c:program filesjuniper networkssecure application managersamnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} (Anark Client 4.0 ActiveX Control) - http://install.anark.com/client/version ... Client.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://dmcnf02.dmc.org/Citrix/ICAWEB/e ... wficat.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://remoteaccess.hfhs.org/dana-cach ... tupSP1.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%System32dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:WINDOWSSYSTEM32igfxdev.dll
O20 - Winlogon Notify: loginkey - C:Program FilesCommon FilesMicrosoft SharedInkloginkey.dll
O20 - Winlogon Notify: NavLogon - C:WINDOWSsystem32NavLogon.dll
O20 - Winlogon Notify: TabBtnWL - C:WINDOWSSYSTEM32TabBtnWL.dll
O20 - Winlogon Notify: tpgwlnotify - C:WINDOWSSYSTEM32tpgwlnot.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:WINDOWSsystem32WPDShServiceObj.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:Program FilesWIDCOMMBluetooth Softwarebinbtwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec AntiVirusDefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage Manageriaantmon.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec Client FirewallISSVC.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:WINDOWSsystem32libusbd-nt.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:Program FilesLinksysLinksys UpdaterbinLinksysUpdater.exe" -s "C:Program FilesLinksysLinksys Updaterconfwrapper.conf (file missing)
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:Program FilesIntelWirelessBinS24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:Program FilesSymantec Client SecuritySymantec AntiVirusSavRoam.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program FilesSpyware DoctorpctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program FilesSpyware DoctorpctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCSvc.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - Unknown owner - C:Program FilesComcastDesktop Doctorbinsprtsvc.exe" /service /P ddoctorv2 (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec AntiVirusRtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:Program FilesSymantec Client SecuritySymantec Client FirewallSymSPort.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe

Thanks for your help!]]><br /><br />Topic Replies: 1 v3ninz Thu, 02 Jul 2009 03:45:41 -0700 http://www.ozzu.com/mswindows-forum/need-help-with-adobe-projector-t98702.html http://www.ozzu.com/mswindows-forum/need-help-with-adobe-projector-t98702.html Need help with Adobe Projector
Got this problem, Im trying to open a .exe file on windows 7. It opened about 2 months ago without a problem but now when i try and open it theres an error which says adobe projector has stopped working. Ive searched around and so far ive found only 1 solution which is to change the compatability to an older version of Windows, Ive tried them all still doesnt work and gives me the same error :S

Please help! Thanks a lot,
Oxy]]><br /><br />Topic Replies: 4 Thunderfudge Wed, 01 Jul 2009 19:35:18 -0700 http://www.ozzu.com/mswindows-forum/suspected-keylogger-t98693.html http://www.ozzu.com/mswindows-forum/suspected-keylogger-t98693.html Suspected Keylogger
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:33:31 PM, on 2/07/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Program FilesSymantecSymantec Endpoint ProtectionSmcGui.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:WindowsOEM02Mon.exe
C:WindowsWindowsMobilewmdc.exe
C:WindowsSystem32ico.exe
C:Program FilesDellDell Webcam ManagerDellWMgr.exe
C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatchTray9.exe
C:Program FilesDellMediaDirectPCMService.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesElaborate BytesVirtualCloneDriveVCDDaemon.exe
C:Program FilesUnlockerUnlockerAssistant.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:WindowsSystem32hkcmd.exe
C:WindowsSystem32igfxpers.exe
C:Program FilesSigmatelC-Major AudioWDMsttray.exe
C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe
C:Program FilesDell Support Centerbinsprtcmd.exe
C:Program FilesDellSupportDSAgnt.exe
C:Windowssystem32igfxsrvc.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:Program FilesSiber SystemsAI RoboFormrobotaskbaricon.exe
C:Program FilesWIDCOMMBluetooth SoftwareBTTray.exe
C:Program FilesDellQuickSetquickset.exe
C:Program FilesStardockObjectDockObjectDock.exe
c:Program FilesWIDCOMMBluetooth SoftwareBtStackServer.exe
C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
C:Program FilesCommon FilesRoxio Shared9.0SharedCOMCPSHelpRunner.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:program filesmozilla firefoxfirefox.exe
C:Program FilesSymantecSymantec Endpoint ProtectionSavUI.exe
C:Program FilesSymantecLiveUpdateluall.exe
C:Windowssystem32MsiExec.exe
C:Windowssystem32SearchProtocolHost.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar = res://C:Program FilesCopernic AgentCopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet Explorer provided by Dell
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:PROGRA~1COPERN~1COPERN~2.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:Program FilesJavajre1.6.0binssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier5.1.1309.15642swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:Program FilesDellBAEBAE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program FilesGoogleGoogle ToolbarGoogleToolbar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:Program FilesCopernic AgentCopernicAgentExt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:Program FilesSiber SystemsAI RoboFormroboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:Program FilesAdobe/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [ECenter] C:DellE-CenterEULALauncher.exe
O4 - HKLM..Run: [SynTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe
O4 - HKLM..Run: [OEM02Mon.exe] C:WindowsOEM02Mon.exe
O4 - HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [PMX Daemon] ICO.EXE
O4 - HKLM..Run: [DELL Webcam Manager] "C:Program FilesDellDell Webcam ManagerDellWMgr.exe" /s
O4 - HKLM..Run: [ISUSScheduler] "C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe" -start
O4 - HKLM..Run: [RoxWatchTray] "C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatchTray9.exe"
O4 - HKLM..Run: [PCMService] "C:Program FilesDellMediaDirectPCMService.exe"
O4 - HKLM..Run: [dscactivate] c:delldsca.exe 3
O4 - HKLM..Run: [Google Desktop Search] "C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe" /startup
O4 - HKLM..Run: [VirtualCloneDrive] "C:Program FilesElaborate BytesVirtualCloneDriveVCDDaemon.exe" /s
O4 - HKLM..Run: [UnlockerAssistant] "C:Program FilesUnlockerUnlockerAssistant.exe"
O4 - HKLM..Run: [Norton Ghost 14.0] "C:Program FilesNorton GhostAgentVProTray.exe"
O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 - HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 - HKLM..Run: [SigmatelSysTrayApp] %ProgramFiles%SigmaTelC-Major AudioWDMsttray.exe
O4 - HKLM..Run: [Acrobat Assistant 8.0] "C:Program FilesAdobeAcrobat 8.0AcrobatAcrotray.exe"
O4 - HKLM..Run: [Adobe_ID0EYTHM] C:PROGRA~1COMMON~1AdobeADOBEV~1ServerbinVERSIO~3.EXE
O4 - HKLM..Run: [dellsupportcenter] "C:Program FilesDell Support Centerbinsprtcmd.exe" /P dellsupportcenter
O4 - HKCU..Run: [DellSupport] "C:Program FilesDellSupportDSAgnt.exe" /startup
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [RoboForm] "C:Program FilesSiber SystemsAI RoboFormRoboTaskBarIcon.exe"
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User LOCAL SERVICE)
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User LOCAL SERVICE)
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User NETWORK SERVICE)
O4 - Startup: Stardock ObjectDock.lnk = C:Program FilesStardockObjectDockObjectDock.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = C:Program FilesDellQuickSetquickset.exe
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Customize Menu - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O8 - Extra context menu item: Search Using Copernic Agent - res://C:Program FilesCopernic AgentCopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:Program FilesJavajre1.6.0binnpjpi160.dll
O9 - Extra Tools menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:Program FilesJavajre1.6.0binnpjpi160.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:Program FilesCopernic AgentCopernicAgent.exe
O9 - Extra Tools menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:Program FilesCopernic AgentCopernicAgent.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra Tools menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra Tools menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra Tools menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra Tools menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComSavePass.html
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:Program FilesCopernic AgentCopernicAgent.exe
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra Tools menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:Program FilesSiber SystemsAI RoboFormRoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O9 - Extra Tools menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:Program FilesWIDCOMMBluetooth Softwarebtsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:windowssystem32securenet.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32securenet.dll
O10 - Unknown file in Winsock LSP: c:windowssystem32securenet.dll
O13 - Gopher Prefix:
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.ap.dell.com/systemprofiler/SysProExe.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:Program FilesGoogleGoogle ToolbarComponentfastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:PROGRA~1GoogleGOOGLE~2GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:Program FilesCommon FilesAdobeAdobe Version Cue CS3ServerbinVersionCueCS3.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:Windowssystem32aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: DSBrokerService - Unknown owner - C:Program FilesDellSupportbrkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:Program FilesIntelWirelessBinEvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~2.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:Program FilesNorton GhostAgentVProSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:Program FilesIntelWirelessBinRegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxWatch9.exe
O23 - Service: SecureSrv - My Privacy Tools, Inc. - C:Program FilesHide My IP 2009SecureSrv.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionSmc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionSNAC.EXE
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:Program FilesDell Support Centerbinsprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:Windowssystem32STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:Program FilesCommon FilesSureThing Sharedstllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:Program FilesSymantecSymantec Endpoint ProtectionRtvscan.exe
O23 - Service: SymSnapService - Symantec - C:Program FilesNorton GhostSharedDriversSymSnapService.exe
O23 - Service: @%SystemRoot%System32TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:WindowsSystem32TuneUpDefragService.exe
O23 - Service: @%SystemRoot%System32TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:WindowsSystem32TUProgSt.exe
O23 - Service: WeOnlyDo wodAppUpdate Service - WeOnlyDo Software - C:Program FilesBraid Art LabsGroBotobinwodUpdSv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:Windowssystem32DRIVERSxaudio.exe

--
End of file - 17551 bytes]]><br /><br />Topic Replies: 0 a1cbecker Wed, 01 Jul 2009 15:25:53 -0700 http://www.ozzu.com/mswindows-forum/possible-keylogger-t98684.html http://www.ozzu.com/mswindows-forum/possible-keylogger-t98684.html Possible Keylogger Scan saved at 5:21:12 PM, on 7/1/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:Program Files (x86)WebrootWebrootSecuritySpySweeperUI.exe
C:Program Files (x86)Mozilla Firefoxfirefox.exe
C:Program Files (x86)Common FilesAdobeUpdater6Adobe_Updater.exe
C:Program Files (x86)Trend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.worldofwarcraft.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://homepage.gateway.com/rdr.aspx?b= ... 7805u&c=BB
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:Program Files (x86)AskBarDisbarbinaskBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:Program Files (x86)AskBarDisbarbinaskBar.dll
O4 - HKLM..Run: [SpySweeper] "C:Program Files (x86)WebrootWebrootSecuritySpySweeperUI.exe" /startintray
O4 - HKCU..Run: [WMPNSCFG] C:Program Files (x86)Windows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User LOCAL SERVICE)
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User LOCAL SERVICE)
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User NETWORK SERVICE)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra Tools menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll
O9 - Extra Tools menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll
O13 - Gopher Prefix:
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)
O23 - Service: ASKService - Unknown owner - C:Program Files (x86)AskBarDisbarbinAskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:Program Files (x86)AskBarDisbarbinASKUpgrade.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe
O23 - Service: Intel PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:Program FilesIntelWiFibinEvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program Files (x86)Common FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)
O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:Program Files (x86)O2Micro Flash Memory Card Drivero2flash.exe
O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: Intel PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:Program FilesCommon FilesIntelWirelessCommonRegSrvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - (no file)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)
O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe
O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)
O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe
O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)
O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:Program Files (x86)WebrootWebrootSecuritySpySweeper.exe
O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:Program Files (x86)WebrootWebrootSecurityWRConsumerService.exe
O23 - Service: XAudioService - Unknown owner - C:Windowssystem32DRIVERSxaudio64.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7813 bytes

Hey all, feel like I may have a keylogger. Any ideas?]]><br /><br />Topic Replies: 1 TwistedpF Tue, 30 Jun 2009 22:18:33 -0700 http://www.ozzu.com/mswindows-forum/keylogger-help-t98671.html http://www.ozzu.com/mswindows-forum/keylogger-help-t98671.html Keylogger help
heres my HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:08 PM, on 6/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:WindowsSystem32smss.exe
C:Windowssystem32csrss.exe
C:Windowssystem32wininit.exe
C:Windowssystem32csrss.exe
C:Windowssystem32services.exe
C:Windowssystem32lsass.exe
C:Windowssystem32lsm.exe
C:Windowssystem32winlogon.exe
C:Windowssystem32svchost.exe
C:Windowssystem32nvvsvc.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32Ati2evxx.exe
C:WindowsSystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:Windowssystem32SLsvc.exe
C:Windowssystem32svchost.exe
C:Windowssystem32rundll32.exe
C:Windowssystem32Ati2evxx.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32spoolsv.exe
C:Windowssystem32svchost.exe
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Windowssystem32taskeng.exe
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:Program FilesJavajre6binjusched.exe
C:WindowsSystem32rundll32.exe
C:Program FilesPC Tools AntiVirusPCTAV.exe
C:Program FilesVista Start MenuVistaStartMenu.exe
C:Program FilesLogitechSetPoint IISetpointII.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesPC Tools AntiVirusPCTAVSvc.exe
C:Windowssystem32PnkBstrA.exe
C:Windowssystem32svchost.exe
C:Windowssystem32svchost.exe
C:WindowsSystem32svchost.exe
C:Windowssystem32SearchIndexer.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWindows Media Playerwmpnetwk.exe
C:Program FilesSteamSteam.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesVentriloVentrilo.exe
C:Windowssystem32wbemwmiprvse.exe
C:Program FilesCommon FilesLogishrdKHAL2KHALMNPR.EXE
C:Program FilesCommon FilesSteamSteamService.exe
C:Program FilesiPodbiniPodService.exe
C:WindowsservicingTrustedInstaller.exe
C:Windowssystem32wuauclt.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Windowssystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSConfigcsrss.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:Program FilesAskBarDisbarbinaskBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:Program FilesAskBarDisbarbinaskBar.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [StartCCC] "C:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Skytel] Skytel.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:Windowssystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [PCTAVApp] "C:Program FilesPC Tools AntiVirusPCTAV.exe" /MONITORSCAN
O4 - HKCU..Run: [Steam] "c:program filessteamsteam.exe" -silent
O4 - HKCU..Run: [VistaStartMenu] "C:Program FilesVista Start MenuVistaStartMenu.exe"
O4 - HKCU..Run: [CurseClient] C:Program FilesCurseCurseClient.exe -silent
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User LOCAL SERVICE)
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User LOCAL SERVICE)
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User NETWORK SERVICE)
O4 - Global Startup: F1U201.401.lnk = ?
O4 - Global Startup: SetPointII.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - http://ghost.netgame.com/launch/object/ ... Av1004.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... b_test.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:Windowssystem32GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:Windowssystem32nvvsvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:Program FilesPC Tools AntiVirusPCTAVSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:Program FilesCommon FilesSteamSteamService.exe

--
End of file - 7169 bytes


Also if theres any easy way for you to explain how i could find stuff that isnt supposed to be, like the keyloggers, that would be greatly appreciated so i wouldnt have to keep coming back here]]><br /><br />Topic Replies: 1 albin Tue, 30 Jun 2009 19:45:18 -0700 http://www.ozzu.com/mswindows-forum/registry-cleaner-t98670.html http://www.ozzu.com/mswindows-forum/registry-cleaner-t98670.html Registry Cleaner ]]><br /><br />Topic Replies: 1 jecepede Tue, 30 Jun 2009 14:57:38 -0700 http://www.ozzu.com/mswindows-forum/with-shared-folders-some-say-access-denied-vista-t98656.html http://www.ozzu.com/mswindows-forum/with-shared-folders-some-say-access-denied-vista-t98656.html XP with shared folders, some say access denied to Vista.

This is to weird to actually ask but I have searched and searched and searched and........

Anyway... The problem exists in my moms network, so if I get some advice dont be mad if i dont react right away,
I have to drive to my moms house, no RPD there, and try it...

So what the BLEEP is going on...
My moms bought a new pre installed PC with Windows Vista so we formatted her old PC and installed XP.
This PC is just standing in the corner with uTorrent and E-mule being busy.
So far so good.

I have a folder on the XP-machine called E:Downloads and it is shared (DUH)
The Vista machine has a network drive N: (download-bakE-downloads)
I can see this folder in the Vista machine...
Still good right ? Wrong...

Lets just say these folders have been made by uTorrent :

E:DownloadsBugsbunny-adventure
E:DownloadsWatchmen
E:DownloadsZion-treasures-of-the-wild

From the Vista machine I double click : N:DownloadsWatchmen
And get the message : Access denied.

I go back to the XP machine and make a 4th folder in Windows Explorer like :

E:DownloadsBugsbunny-adventure
E:DownloadsTest-folder
E:DownloadsWatchmen
E:DownloadsZion-treasures-of-the-wild

I put some files in the folder and go back to the Vista machine.
From the Vista machine I double click : N:DownloadsTest-folder : and voila, I see the content of that folder !

Since I CAN make my own folders like : E:DownloadsTest-folder : and read those using the Vista machine.
Thus, I copied the folder : E:DownloadsBugsbunny-adventure : using the [CTRL]+[C] / [CTRL]+[V] keys.

The following folders now reside in the XP machine :

E:DownloadsBugsbunny-adventure
E:DownloadsCopy of Bugsbunny-adventure
E:DownloadsTest-folder
E:DownloadsWatchmen
E:DownloadsZion-treasures-of-the-wild


The folders I now CAN read on the Vista machine :
---
E:DownloadsCopy of Bugsbunny-adventure
E:DownloadsTest-folder


The folders I now can NOT read on the Vista machine :
---
E:DownloadsBugsbunny-adventure
E:DownloadsWatchmen
E:DownloadsZion-treasures-of-the-wild


So it appears I can only ready files/folder that are NOT downloaded from the internet......
Can it be that applications like uTorrent run under different user names ?


So what have I checked already :
----------------------------------------
- The two PCs are in the same domain :Leeuw
- The two PCs both have a user called Gerri with the same pwd
- User Gerri on the XP machines and the Vista machine is member of the Administrator group
- All the files in E:Downloads have the same owner : Gerri
- I linked the N:-drive on the Vista machine using the user download-bakGerri and the pwd
- No other users besides Gerri are connected to the XP-machine
- The event and security logs stay empty, no errors like : Unknown user
- I even enabled the guest on the XP machine
- When I ping download-bak on the Vista machine I get the correct IP (192.168.1.100)
- The Vista machine has 192.168.1.101 and the same subnet 255.255.255.0
- Installed all updates and patches on both Windows machines
- Disable firewall on both machines
- Disable Viruskiller on both machines


Soooooooo


If ANYONE can help my poor lil ma, Id be much obliged...


Thanks for you time !!!!


Jecepede]]><br /><br />Topic Replies: 10 craniul 26 Tue, 30 Jun 2009 13:50:21 -0700 http://www.ozzu.com/mswindows-forum/networking-troubles-t98655.html http://www.ozzu.com/mswindows-forum/networking-troubles-t98655.html Networking Troubles <br /><br />Topic Replies: 3 IIHoSTiiiLeII Mon, 29 Jun 2009 12:18:54 -0700 http://www.ozzu.com/mswindows-forum/hpprintspool-exe-help-t98631.html http://www.ozzu.com/mswindows-forum/hpprintspool-exe-help-t98631.html HPprintspool.exe Help.

CODE:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:04 PM, on 6/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:WINDOWSsystem32csrss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
C:Program FilesAlwil SoftwareAvast4ashServ.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSehomeehtray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesAnalog DevicesCoresmax4pnp.exe
C:WINDOWSCTHELPER.EXE
C:Program FilesCyberLinkPowerDVDDVDLauncher.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesCommon FilesAOL1204499571eeAOLSoftware.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesComcastDesktop Doctorbinsprtcmd.exe
C:Program FilesHPHP Software UpdateHPWuSchd2.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesiTunesiTunesHelper.exe
C:PROGRA~1ALWILS~1Avast4ashDisp.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesCommon FilesAOLACSAOLacsd.exe
C:Program FilesComcastUIUniversal Installeruinstaller.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesAIM6aim6.exe
C:Program FilesComcastUIUniversal Installeruinstaller.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesAOL 9.1waol.exe
C:WINDOWSeHomeehSched.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesViewpointCommonViewpointService.exe
C:WINDOWSwanmpsvc.exe
C:WINDOWSehomemcrdsvc.exe
C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
C:Program FilesiPodbiniPodService.exe
C:WINDOWSsystem32dllhost.exe
C:WINDOWSeHomeehRecvr.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesAIM6aolsoftware.exe
C:Program FilesHPDigital Imagingbinhpqnrs08.exe
C:Program FilesAOL 9.1shellmon.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesAOLTopspeed3.0aoltpsd3.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:WINDOWSsystem32wbemwmiprvse.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:Program FilesAOL Toolbaraoltb.dll
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:Program FilesAIM Toolbaraimtb.dll
F2 - REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,C:WINDOWSsystem32sdra64.exe,C:WINDOWSsystem32win32avs.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:Program FilesAOL Toolbaraoltb.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:Program FilesAIM Toolbaraimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:Program FilesAIM Toolbaraimtb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:Program FilesAOL Toolbaraoltb.dll
O4 - HKLM..Run: [ehTray] C:WINDOWSehomeehtray.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [SoundMAXPnP] C:Program FilesAnalog DevicesCoresmax4pnp.exe
O4 - HKLM..Run: [CTHelper] CTHELPER.EXE
O4 - HKLM..Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM..Run: [DVDLauncher] "C:Program FilesCyberLinkPowerDVDDVDLauncher.exe"
O4 - HKLM..Run: [RealTray] C:Program FilesRealRealPlayerRealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM..Run: [HostManager] C:Program FilesCommon FilesAOL1204499571eeAOLSoftware.exe
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [ddoctorv2] "C:Program FilesComcastDesktop Doctorbinsprtcmd.exe" /P ddoctorv2
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [internat] C:WINDOWSinternat.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Universal Installer] "C:Program FilesComcastUIUniversal Installeruinstaller.exe" /fromrun /starthidden
O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU..Run: [Desktop Software] "C:Program FilesComcastUIUniversal Installeruinstaller.exe" /ini "uinstaller.ini" /fromrun /starthidden
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:Documents and SettingsFamilyLocal SettingsTemp{A7D71DE4-9507-4068-9302-C50EDFA13528}{907B4640-266B-4A21-92FB-CD1A86CD0F63}ATR1.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:Program FilesHPDigital Imagingbinhpqthb08.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:Documents and SettingsAll UsersApplication DataAIM ToolbarieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: &AOL Toolbar Search - C:Documents and SettingsAll UsersApplication DataAOLieToolbarresourcesen-USlocalsearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:Program FilesAIM Toolbaraimtb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra Tools menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra Tools menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 3817351968
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free- ... yer_v4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolsvc.aol.com/onlinegames/bejew ... er_v10.cab
O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist508G2AWinLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:PROGRA~1COMMON~1AOLACSacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:Program FilesCitrixGoToAssist508g2aservice.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:WINDOWSsystem32spooldriversw32x863HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:Program FilesComcastDesktop Doctorbinsprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:WINDOWSwanmpsvc.exe

--
End of file - 11431 bytes

]]><br /><br />Topic Replies: 1 acousticus Mon, 29 Jun 2009 00:37:07 -0700 http://www.ozzu.com/mswindows-forum/msn-virus-please-help-t98609.html http://www.ozzu.com/mswindows-forum/msn-virus-please-help-t98609.html MSN Virus, please help! :)
"acousticus sent 6/29/2009 3:25 AM:
Howdy, I just spoke to Becca and Brice, and they told me to check out some pills they saw on Oprah. They said they lost 23 pounds in about amonth with them. Anyway you can find them here for only $5 [domain removed]

Below is my logfile


-----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:05 PM, on 29/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsRtHDVCpl.exe
C:WindowsSystem32SysMonitor.exe
C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
C:Program FilesBitDefenderBitDefender 2008bdagent.exe
C:Program FilesCanonCanon IJ Network Scan UtilityCNMNSUT.EXE
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesQuickTimeQTTask.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Windowsehomeehmsas.exe
C:AcerEmpowering TechnologyACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:AcerEmpowering TechnologyeRecoveryERAGENT.EXE
C:Program FilesWindows LiveContactswlcomm.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesWindows LiveToolbarwltuser.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe
C:Windowssystem32SearchFilterHost.exe
C:Program FilesInternet Exploreriexplore.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://sg.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://en.sg.acer.yahoo.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://en.sg.acer.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://en.sg.acer.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://sg.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:Program FilesMicrosoftSearch Enhancement PackSearch HelperSEPsearchhelperie.dll
O2 - BHO: EndNote Web - {82D2E569-25A7-4e4d-9FA3-C5025B4B7912} - C:Program FilesEndNote WebENWIEPlug.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:Windowssystem32ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:Program FilesWindows LiveToolbarwltcore.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:Windowssystem32eDStoolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:Program FilesBitDefenderBitDefender 2008IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:Program FilesWindows LiveToolbarwltcore.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [Acer Empowering Technology Monitor] C:Windowssystem32SysMonitor.exe
O4 - HKLM..Run: [eDataSecurity Loader] C:AcerEmpowering TechnologyeDataSecurityeDSloader.exe
O4 - HKLM..Run: [BDAgent] "C:Program FilesBitDefenderBitDefender 2008bdagent.exe"
O4 - HKLM..Run: [IJNetworkScanUtility] C:Program FilesCanonCanon IJ Network Scan UtilityCNMNSUT.EXE
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKCU..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User LOCAL SERVICE)
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User LOCAL SERVICE)
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User NETWORK SERVICE)
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Append to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:Program FilesAdobeAcrobat 8.0AcrobatAcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~2Office12EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra Tools menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra Tools menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~2Office12ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~2Office12REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:Windowssystem32brsvc01a.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:AcerEmpowering TechnologyeRecoveryeRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:Program FilesLavasoftAd-AwareAAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:Program FilesCommon FilesBitDefenderBitDefender Update Servicelivesrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program FilesSpybot - Search & DestroySDWinSec.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:Program FilesBitDefenderBitDefender 2008vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:Program FilesCommon FilesBitDefenderBitDefender Communicatorxcommsvr.exe

--
End of file - 10105 bytes


-------------------

thank you! :)]]><br /><br />Topic Replies: 1