derrettlee Posted November 5, 2006 Report Share Posted November 5, 2006 Hello:I am having a problem with my Browsers (both IE, Firefox and Thunderbird) stop working after a short period of time after starting them. This time varies from start to start. My other internet programs like Azureus keep working. When I restart windows the Browsers work again for a short time and then stop again. I have tried the following:FIRST THING I TRIED:From Posted Topic on website:"I'd been having a similar problem...the web browser would stop working after 15-20 minutes of internet activity. It took me about 2 minutes to fix following a fairly simple procedure.The problem for me was that the DNS cache overflowed after a little while, so I simply added registry keys to prevent caching. This can be done as follows:1. First thing you need to do is clear your current cache. At the command prompt (Run -> command) type in ipconfig /flushdns If everything went well ipconfig should spit out a line about successfully flushing the cache.2. Now get into the registry editor (Run -> regedit). Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters3. Right click in the space to the right and select New -> DWORD Value. Name the DWORD MaxCacheTtl and make sure its value is 0. Values can be changed simply by double-clicking on the DWORD.4. Create another new DWORD. Name this one MaxNegativeCacheTtl and again make sure its value is 0.5.Close regedit and restart."SECOND THING I TRIED:"winsockxpfix.exe"WinSock XP Fix 1.2Fixes the winsock settings on your Windows XP machine. This tool is recommended for IT professionals only. Please read license.It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."THE THIRD THING I TRIEDPost from Topic on Web Site"Had the same problem but found a VERY simple fixHi everyone,Just wanted to let you know that after I posted my extensive info on my own similar experience, I have found a simple and easy fix that I hope will help everyone else out a well.I had been on several forums and sites that had suggested the following:Go to My Network PlacesView Network ConnectionsThen view the Properties of each connection you have and under the "Authentication" tab, make sure that the "Enable network access control using IEEE 802.1x" box is NOT checked.I had tried this before but only did it on my LAN connection which didn't eliminate the problem. But when I also did the same on my network bridge, the problem was fixed (knock on wood).Sometimes when new software is installed or uninstalled, it defaults back to being checked and I think this was my problem last week...Hope this simple fix works for some other very frustrated people and good luck for all those who are still having problems!Tiffany"NOTHING HAS WORKED. I hope you can help me. Here is my HackThis Log file:Logfile of HijackThis v1.99.1Scan saved at 8:38:43 AM, on 03/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\iexeplore.exeC:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\WINDOWS\spool32.exeC:\Program Files\CpuIdle\cpuidle.exeC:\Program Files\ASUS\Asus Probe\AsusProb.exeC:\Program Files\SpyStopper Pro\ssp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Softwin\BitDefender10\bdmcon.exeC:\Program Files\Softwin\BitDefender10\bdagent.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\TaskSwitchXP\TaskSwitchXP.exeC:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeC:\Program Files\DVDIdle Pro\DVDIdlePro.exeC:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exeC:\PROGRA~1\AUSLOG~1\boostspeed.exeC:\Program Files\Creative\MediaSource\GO\CTCMSGo.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\VCOM\PowerDesk\pddlghlp.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender10\vsserv.exeC:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exeC:\Program Files\Azureus\Azureus.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\VCOM\PowerDesk\PDExplo.exeC:\Azureus Completed Files\Browser Stops Working\HiJack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/F2 - REG:system.ini: Shell=explorer.exe iexeplore.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLLO4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exeO4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exeO4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /regO4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeO4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"O4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exeO4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"O4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /QO4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCBO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - HKCU\..\Run: [PcBoost] C:\Program Files\PcBoost\PcBoost.exeO4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exeO4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: E&xport to Microsoft Excel - <a href="res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000" target="_blank">res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000</a>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)And here is my AVG Anti-Spyware v7.5 Log File:---------------------------------------------------------AVG Anti-Spyware - Scan Report---------------------------------------------------------+ Created at: 8:26:18 AM 03/11/2006+ Scan result:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.C:\Documents and Settings\Administrator\My Documents\My Applications\WGA - RockXP v4.0 - Nov 1 2006 - No Crack Needed\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.::Report endI have Bit Defender v10 installed and it says I am free of virusesThank you very much in advance for your help Quote Link to post Share on other sites
Dragon Posted November 6, 2006 Report Share Posted November 6, 2006 as far as I can tell your log is clean, I would recommend talking to one of our techs in the PC-Support Forums section as this is not a malware related issue. Quote Link to post Share on other sites
derrettlee Posted November 6, 2006 Author Report Share Posted November 6, 2006 (edited) Some other people are trying to help me so I have included the thread of these posts.Let me thank you in advance for any help or suggestion.Yesterday, 01:16 PMderrettlee derrettlee is online nowNew MemberJoin Date: Nov 2006Location: Toronto, CanadaPosts: 1Firefox, Thunderbird and IE Stop Working Azureus Keeps WorkingHello:I am having a problem with my Browsers (both IE, Firefox and Thunderbird) stop working after a short period of time after starting them. This time varies from start to start. My other internet programs like Azureus keep working. When I restart windows the Browsers work again for a short time and then stop again. I have tried the following:FIRST THING I TRIED:From Posted Topic on website:"I'd been having a similar problem...the web browser would stop working after 15-20 minutes of internet activity. It took me about 2 minutes to fix following a fairly simple procedure.The problem for me was that the DNS cache overflowed after a little while, so I simply added registry keys to prevent caching. This can be done as follows:1. First thing you need to do is clear your current cache. At the command prompt (Run -> command) type in ipconfig /flushdns If everything went well ipconfig should spit out a line about successfully flushing the cache.2. Now get into the registry editor (Run -> regedit). Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Dnscache\Parameters3. Right click in the space to the right and select New -> DWORD Value. Name the DWORD MaxCacheTtl and make sure its value is 0. Values can be changed simply by double-clicking on the DWORD.4. Create another new DWORD. Name this one MaxNegativeCacheTtl and again make sure its value is 0.5.Close regedit and restart."SECOND THING I TRIED:"winsockxpfix.exe"WinSock XP Fix 1.2Fixes the winsock settings on your Windows XP machine. This tool is recommended for IT professionals only. Please read license.It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."THE THIRD THING I TRIEDPost from Topic on Web Site"Had the same problem but found a VERY simple fixHi everyone,Just wanted to let you know that after I posted my extensive info on my own similar experience, I have found a simple and easy fix that I hope will help everyone else out a well.I had been on several forums and sites that had suggested the following:Go to My Network PlacesView Network ConnectionsThen view the Properties of each connection you have and under the "Authentication" tab, make sure that the "Enable network access control using IEEE 802.1x" box is NOT checked.I had tried this before but only did it on my LAN connection which didn't eliminate the problem. But when I also did the same on my network bridge, the problem was fixed (knock on wood).Sometimes when new software is installed or uninstalled, it defaults back to being checked and I think this was my problem last week...Hope this simple fix works for some other very frustrated people and good luck for all those who are still having problems!Tiffany"NOTHING HAS WORKED. I hope you can help me. Here is my HackThis Log file:Logfile of HijackThis v1.99.1Scan saved at 8:38:43 AM, on 03/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\iexeplore.exeC:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\WINDOWS\spool32.exeC:\Program Files\CpuIdle\cpuidle.exeC:\Program Files\ASUS\Asus Probe\AsusProb.exeC:\Program Files\SpyStopper Pro\ssp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Softwin\BitDefender10\bdmcon.exeC:\Program Files\Softwin\BitDefender10\bdagent.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\TaskSwitchXP\TaskSwitchXP.exeC:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeC:\Program Files\DVDIdle Pro\DVDIdlePro.exeC:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exeC:\PROGRA~1\AUSLOG~1\boostspeed.exeC:\Program Files\Creative\MediaSource\GO\CTCMSGo.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\VCOM\PowerDesk\pddlghlp.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender10\vsserv.exeC:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exeC:\Program Files\Azureus\Azureus.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\VCOM\PowerDesk\PDExplo.exeC:\Azureus Completed Files\Browser Stops Working\HiJack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/F2 - REG:system.ini: Shell=explorer.exe iexeplore.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLLO4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exeO4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exeO4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /regO4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeO4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"O4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exeO4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"O4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /QO4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCBO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - HKCU\..\Run: [PcBoost] C:\Program Files\PcBoost\PcBoost.exeO4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exeO4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: E&xport to Microsoft Excel - <a href="res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000" target="_blank">res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000</a>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)And here is my AVG Anti-Spyware v7.5 Log File:---------------------------------------------------------AVG Anti-Spyware - Scan Report---------------------------------------------------------+ Created at: 8:26:18 AM 03/11/2006+ Scan result:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.C:\Documents and Settings\Administrator\My Documents\My Applications\WGA - RockXP v4.0 - Nov 1 2006 - No Crack Needed\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected] rture[1].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.::Report endI have Bit Defender v10 installed and it says I am free of virusesThank you very much in advance for your helpEdit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this messagederrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy List #2 Report Post Unread Yesterday, 11:05 PMAnnMarie's Avatar AnnMarie AnnMarie is offlineModeratorJoin Date: Oct 2001Location: New ZealandPosts: 33,271Welcome to CTH derrettlee. I can see a malware startup in your log and a malware file in your running processes.Before we start fixing your problem I would like to see if any other startups are involved. To do this, I need to see another type of log please. Go here and download Silent Runners.vbs to a new folder on your Desktop (Clicking the the download link works if you use IE. If you use FireFox, rightclick on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (make sure you wait for the popups please) Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.In the meantime, I'll move your topic to the CyberSafety Forum.__________________Moderator: Cyber Safety ForumMicrosoft MVP - Windows Shell/User 2004/2005/2006Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you.How to help prevent re-infectionReply With Quote Multi-Quote This Message Quick reply to this messageAnnMarieView Public ProfileSend a private message to AnnMarieSend email to AnnMarieFind all posts by AnnMarieAdd AnnMarie to Your Buddy List #3 Report Post Unread Today, 01:03 AMderrettlee derrettlee is online nowNew MemberJoin Date: Nov 2006Location: Toronto, CanadaPosts: 2First let me thank you for replying to my post. It is greatly appreciated. Here is the log from silentrunners. I have also included at the end the transcript from another suggested fix that someone suggested I try. Unfortunately it did not work, however, it will bring you up to date on the current state of my system. Your silentrunners log was done after this fix was tried."Silent Runners.vbs", revision 49, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++}"TaskSwitchXP" = "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" ["Alexander Avdonin"]"SkinClock" = "C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [null data]"DVDIdle Pro Application" = "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" ["Fengtao Software Inc."]"BoostSpeed" = ""C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /Q" ["AusLogics, Inc."]"RemoteCenter" = "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE " ["Creative Technology Ltd"]HKLM\Software\Microsoft\Windows\CurrentVersion\Run \ {++}"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]"CTDVDDET" = "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" ["Creative Technology Ltd"]"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]"AsioReg" = "REGSVR32.EXE /S CTASIO.DLL" [MS]"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]"CpuIdle" = "C:\Program Files\CpuIdle\cpuidle.exe" ["Andreas Goetz"]"ASUS Probe" = "C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [null data]"SpyStopperPro" = "C:\Program Files\SpyStopper Pro\ssp.exe" ["InfoWorks Technology Company "]"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]"SystemBoosterXP" = "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe" [empty string]"BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]"BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]HKLM\Software\Microsoft\Windows\CurrentVersion\Run OnceEx\ {++}"Flag" = hex:0x00000002HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)-> {HKLM...CLSID} = "AcroIEHlprObj Class"\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)-> {HKLM...CLSID} = "SSVHelper Class"\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"-> {HKLM...CLSID} = "Display Panning CPL Extension"\InProcServer32\(Default) = "deskpan.dll" [file not found]"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"-> {HKLM...CLSID} = "Portable Media Devices Menu"\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"-> {HKLM...CLSID} = "UnlockerShellExtension"\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]"{0A435D73-6459-4b87-971D-0EEBFD2495BA}" = "ContextAttrib"-> {HKLM...CLSID} = "ContextAttrib"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextAttrib.dl l" ["Grigri"]"{00537963-0001-0001-0004-00c0dfe64a64}" = "Command Box Context Menu Handler"-> {HKLM...CLSID} = "Command Box Context Menu Handler"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\cmdhere.dll" ["Synesis Software (Pty) Ltd"]"{25D84CB0-7345-11D3-A4A1-0080C8ECFED4}" = "DLL Registerer"-> {HKLM...CLSID} = "DLL Registerer"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\dllregshex.dll" ["See 'About...' box after this DLL is registered."]"{DD23BD50-C784-4557-BE82-1B3FDDB22CA5}" = "BrowserBack Extension"-> {HKLM...CLSID} = "BrowserBackExt Class"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\BrowserBack.dll" [empty string]"{A0F26623-302C-41E1-B00C-04EE54A3188C}" = "SelectAll Extension"-> {HKLM...CLSID} = "SelectAllExt Class"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\SelectAll.dll" [empty string]"{AC67E92C-D916-4058-A7B8-0913746592F4}" = "HiddenFilesToggle Extension"-> {HKLM...CLSID} = "HiddenFilesToggleExt Class"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\HiddenFilesToggle.dl l" [empty string]"{D8E899D8-A7B3-449C-BFDF-761FC5826313}" = "FileExtToggle Extension"-> {HKLM...CLSID} = "FileExtToggleExt Class"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\FileExtToggle.dl l" [empty string]"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension"-> {HKLM...CLSID} = "ContextMenuExt Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.d ll" [null data]"{97F6E51A-2934-4297-B06C-1CCCA326C5E6}" = "Find Target 2"-> {HKLM...CLSID} = "SHFindTarget Class"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\FindTarget.dll" [empty string]"{00537963-0001-0002-0004-00c0dfe64a64}" = "File Case Context Menu Handler"-> {HKLM...CLSID} = "File Case Context Menu Handler"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\MEFlCase.dll" ["Synesis Software (Pty) Ltd"]"{00537963-0001-0004-0004-00c0dfe64a64}" = "Run Program Context Menu Handler"-> {HKLM...CLSID} = "Run Program Context Menu Handler"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\MERunPrg.dll" ["Synesis Software (Pty) Ltd"]"{67C63340-679B-11D2-92EE-000021474C11}" = "OpenExpert Extensions"-> {HKLM...CLSID} = "OpenExpert Extensions"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\OpenExpert.dll" [null data]"{1530f7ee-5128-43bd-9977-84a4b0fad7df}" = "Photo Resizing PowerToy"-> {HKLM...CLSID} = (no title provided)\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\phototoys.dll" [MS]"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"-> {HKLM...CLSID} = "7-Zip Shell Extension"\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"-> {HKLM...CLSID} = "IE Microsoft AutoComplete"\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"-> {HKLM...CLSID} = "History Band"\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"-> {HKLM...CLSID} = "WinRAR"\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]"{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" = "RXDCExtShlExt extension"-> {HKLM...CLSID} = (no title provided)\InProcServer32\(Default) = "C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Sonic Solutions"]"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"-> {HKLM...CLSID} = (no title provided)\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"-> {HKLM...CLSID} = "PowerISO"\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]"{CCA60260-A2C9-11D2-BA62-0020188191B2}" = "Registrar Registry Manager SHell Extension"-> {HKLM...CLSID} = "Registrar Registry Manager SHell Extension"\InProcServer32\(Default) = "rrShellX.dll" [file not found]HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellExecuteHooks\<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]<<!>> "{93994DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)-> {HKLM...CLSID} = "DVDIdleShell Class"\InProcServer32\(Default) = "C:\Program Files\DVDIdle Pro\DVDShell.dll" ["Fengtao Software Inc."]<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\<<!>> "AppInit_DLLs" = "sockspy.dll" [null data]HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]HKLM\Software\Classes\PROTOCOLS\Filter\<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"-> {HKLM...CLSID} = (no title provided)\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]HKLM\Software\Classes\Folder\shellex\ColumnHandler s\{0BC1E559-9D68-4E99-AFD9-98D27DAB971D}\(Default) = "TreeSize FolderSizeColumn"-> {HKLM...CLSID} = "ColHandler"\InProcServer32\(Default) = "C:\PROGRA~1\JAMSOF~1\TREESI~1\FSizeCol.dll" ["JAM Software"]{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}\(Default) = "{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}"-> {HKLM...CLSID} = "Softpointer Column Handler"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\AUDIOS~1.DLL" ["Softpointer Inc"]{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"-> {HKLM...CLSID} = "PDF Shell Extension"\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]HKLM\Software\Classes\*\shellex\ContextMenuHandler s\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"-> {HKLM...CLSID} = "7-Zip Shell Extension"\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]ACShell\(Default) = "{D3F9A525-8824-497A-BE36-B23E22F141FC}"-> {HKLM...CLSID} = "Attribute Changer Shell Extension"\InProcServer32\(Default) = "C:\Program Files\Attribute Changer\acshell.dll" ["Romain Petges"]AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"-> {HKLM...CLSID} = "CContextScan Object"\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]ContextAttrib\(Default) = "{0A435D73-6459-4b87-971D-0EEBFD2495BA}"-> {HKLM...CLSID} = "ContextAttrib"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextAttrib.dl l" ["Grigri"]CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"-> {HKLM...CLSID} = "ContextMenuExt Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.d ll" [null data]File Case Context Menu Handler\(Default) = "{00537963-0001-0002-0004-00c0dfe64a64}"-> {HKLM...CLSID} = "File Case Context Menu Handler"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\MEFlCase.dll" ["Synesis Software (Pty) Ltd"]Ninotech Date Edit\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDD}"-> {HKLM...CLSID} = "Ninotech Date Edit Shell Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\DateEd32.dll" ["Ninotech"]Ninotech Path Copy\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDE}"-> {HKLM...CLSID} = "Ninotech Path Copy Shell Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\PathCo32.dll" ["Ninotech"]PowerDesk Menu\(Default) = "{26E7F081-EB97-11d3-9239-006008D2D00F}"-> {HKLM...CLSID} = "PowerDesk ZIP Extension"\InProcServer32\(Default) = "C:\Program Files\VCOM\PowerDesk\PDShExt.dll" ["V Communications, Inc."]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"-> {HKLM...CLSID} = "PowerISO"\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"-> {HKLM...CLSID} = (no title provided)\InProcServer32\(Default) = "C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"-> {HKLM...CLSID} = "WinRAR"\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]{67C63340-679B-11D2-92EE-000021474C11}\(Default) = "{67C63340-679B-11D2-92EE-000021474C11}"-> {HKLM...CLSID} = "OpenExpert Extensions"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\OpenExpert.dll" [null data]HKLM\Software\Classes\Directory\shellex\ContextMen uHandlers\7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"-> {HKLM...CLSID} = "7-Zip Shell Extension"\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]ACShell\(Default) = "{D3F9A525-8824-497A-BE36-B23E22F141FC}"-> {HKLM...CLSID} = "Attribute Changer Shell Extension"\InProcServer32\(Default) = "C:\Program Files\Attribute Changer\acshell.dll" ["Romain Petges"]AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"-> {HKLM...CLSID} = "CContextScan Object"\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]Command Box Context Menu Handler\(Default) = "{00537963-0001-0001-0004-00c0dfe64a64}"-> {HKLM...CLSID} = "Command Box Context Menu Handler"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\cmdhere.dll" ["Synesis Software (Pty) Ltd"]ContextAttrib\(Default) = "{0A435D73-6459-4b87-971D-0EEBFD2495BA}"-> {HKLM...CLSID} = "ContextAttrib"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextAttrib.dl l" ["Grigri"]CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"-> {HKLM...CLSID} = "ContextMenuExt Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.d ll" [null data]Ninotech Date Edit\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDD}"-> {HKLM...CLSID} = "Ninotech Date Edit Shell Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\DateEd32.dll" ["Ninotech"]Ninotech Path Copy\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDE}"-> {HKLM...CLSID} = "Ninotech Path Copy Shell Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\PathCo32.dll" ["Ninotech"]PowerDesk Menu\(Default) = "{26E7F081-EB97-11d3-9239-006008D2D00F}"-> {HKLM...CLSID} = "PowerDesk ZIP Extension"\InProcServer32\(Default) = "C:\Program Files\VCOM\PowerDesk\PDShExt.dll" ["V Communications, Inc."]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"-> {HKLM...CLSID} = "PowerISO"\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"-> {HKLM...CLSID} = "WinRAR"\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]HKLM\Software\Classes\Folder\shellex\ContextMenuHa ndlers\CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"-> {HKLM...CLSID} = "ContextMenuExt Extension"\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.d ll" [null data]PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"-> {HKLM...CLSID} = "PowerISO"\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"-> {HKLM...CLSID} = (no title provided)\InProcServer32\(Default) = "C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"-> {HKLM...CLSID} = "UnlockerShellExtension"\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"-> {HKLM...CLSID} = "WinRAR"\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]HKLM\Software\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"-> {HKLM...CLSID} = "UnlockerShellExtension"\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this messagederrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy List #4 Report Post Unread Today, 01:04 AMderrettlee derrettlee is online nowNew MemberJoin Date: Nov 2006Location: Toronto, CanadaPosts: 3Default executables:--------------------<<!>> HKLM\Software\Classes\scrfile\shell\open\command\( Default) = ""%1" %*" [file not found]Group Policies {GPedit.msc branch and setting}:-----------------------------------------------Note: detected settings may not have any effect.HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoSharedDocuments" = (REG_DWORD) hex:0x00000001{User Configuration|Administrative Templates|Windows Components|Windows Explorer|Remove Shared Documents from My Computer}"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoInstrumentation" = (REG_DWORD) hex:0x00000000{unrecognized setting}"_NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000091{unrecognized setting}HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\Explorer\"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001{unrecognized setting}"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001{unrecognized setting}"NoCDBurning" = (REG_DWORD) hex:0x00000000{unrecognized setting}HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\"DisableTaskMgr" = (REG_DWORD) hex:0x00000000{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|Remove Task Manager}"DisableRegistryTools" = (REG_SZ) 0{User Configuration|Administrative Templates|System|Prevent access to registry editing tools}HKCU\Software\Policies\Microsoft\Windows\System\"DisableCMD" = (REG_DWORD) hex:0x00000000{User Configuration|Administrative Templates|System|Disable the command prompt}HKLM\Software\Microsoft\Windows\CurrentVersion\Pol icies\System\"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Shutdown: Allow system to be shut down without having to log on}"undockwithoutlogon" = (REG_DWORD) hex:0x00000001{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|Devices: Allow undock without having to log on}"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001{unrecognized setting}Active Desktop and Wallpaper:-----------------------------Active Desktop may be disabled at this entry:HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellStateDisplayed if Active Desktop enabled and wallpaper not set by Group Policy:HKCU\Software\Microsoft\Internet Explorer\Desktop\General\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"Displayed if Active Desktop disabled and wallpaper not set by Group Policy:HKCU\Control Panel\Desktop\"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"Startup items in "Administrator" & "All Users" startup folders:---------------------------------------------------------------C:\Documents and Settings\Administrator\Start Menu\Programs\Startup"Dialog Helper" -> shortcut to: "C:\Program Files\VCOM\PowerDesk\pddlghlp.exe /s" ["V Communications, Inc."]C:\Documents and Settings\All Users\Start Menu\Programs\Startup"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]Enabled Scheduled Tasks:------------------------"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]Winsock2 Service Provider DLLs:-------------------------------Namespace Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++}000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]Transport Service ProvidersHKLM\System\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++}0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05Toolbars, Explorer Bars, Extensions:------------------------------------Explorer BarsHKLM\Software\Microsoft\Internet Explorer\Explorer Bars\HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]Extensions (Tools menu items, main toolbar menu buttons)HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\"MenuText" = "Sun Java Console""CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"-> {HKCU...CLSID} = "Java Plug-in"\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]{92780B25-18CC-41C8-B9BE-3C9C571A8263}\"ButtonText" = "Research"Miscellaneous IE Hijack Points------------------------------HKLM\Software\Microsoft\Internet Explorer\AboutURLs\<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]Running Services (Display Name, Service Name, Path {Service DLL}):------------------------------------------------------------------Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."]Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\Diskeeper\DkService.exe"" ["Executive Software International, Inc."]Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]Print Monitors:---------------HKLM\System\CurrentControlSet\Control\Print\Monito rs\730 Series Port\Driver = "lxcflmpm.DLL" [empty string]Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]----------<<!>>: Suspicious data at a malware launch point.<<H>>: Suspicious data at a browser hijack point.+ This report excludes default entries except where indicated.+ To see *everywhere* the script checks and *everything* it finds,launch it from a command prompt or a shortcut with the -all parameter.+ To search all directories of local fixed drives for DESKTOP.INIDLL launch points, use the -supp parameter or answer "No" at thefirst message box and "Yes" at the second message box.---------- (total run time: 65 seconds, including 18 seconds for message boxes)THE TRANSCRIPT IS IN THE NEXT POST Edited November 6, 2006 by derrettlee Quote Link to post Share on other sites
derrettlee Posted November 6, 2006 Author Report Share Posted November 6, 2006 HERE IS THE TRANSCRIPT - PART 2 OF MY POSTEdit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this messagederrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy List #5 Report Post Unread Today, 01:07 AMderrettlee derrettlee is online nowNew MemberJoin Date: Nov 2006Location: Toronto, CanadaPosts: 405-Nov-2006 12:16 PM - Firefox, Thunderbird and IE Stop Working Azureus Keeps Workingderrettlee derrettlee is online nowJunior MemberPosts: 2Join Date: Nov 2006Location: Toronto, CanadaExperience: IntermediateHello:I am having a problem with my Browsers (both IE, Firefox and Thunderbird) stop working after a short period of time after starting them. this time varies from start to start. My other internet programs like Azureus keep working. When I restart windows the Browsers work again for a short time and then stop again. I have tried the following:FIRST THING I TRIED:From Posted Topic on website:"I'd been having a similar problem...the web browser would stop working after 15-20 minutes of internet activity. It took me about 2 minutes to fix following a fairly simple procedure.The problem for me was that the DNS cache overflowed after a little while, so I simply added registry keys to prevent caching. This can be done as follows:1. First thing you need to do is clear your current cache. At the command prompt (Run -> command) type in ipconfig /flushdns If everything went well ipconfig should spit out a line about successfully flushing the cache.2. Now get into the registry editor (Run -> regedit). Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Dnscache\Parameters3. Right click in the space to the right and select New -> DWORD Value. Name the DWORD MaxCacheTtl and make sure its value is 0. Values can be changed simply by double-clicking on the DWORD.4. Create another new DWORD. Name this one MaxNegativeCacheTtl and again make sure its value is 0.5.Close regedit and restart."SECOND THING I TRIED:"winsockxpfix.exe"WinSock XP Fix 1.2Fixes the winsock settings on your Windows XP machine. This tool is recommended for IT professionals only. Please read license.It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."THE THIRD THING I TRIEDPost from Topic on Web Site"Had the same problem but found a VERY simple fixHi everyone,Just wanted to let you know that after I posted my extensive info on my own similar experience, I have found a simple and easy fix that I hope will help everyone else out a well.I had been on several forums and sites that had suggested the following:Go to My Network PlacesView Network ConnectionsThen view the Properties of each connection you have and under the "Authentication" tab, make sure that the "Enable network access control using IEEE 802.1x" box is NOT checked.I had tried this before but only did it on my LAN connection which didn't eliminate the problem. But when I also did the same on my network bridge, the problem was fixed (knock on wood).Sometimes when new software is installed or uninstalled, it defaults back to being checked and I think this was my problem last week...Hope this simple fix works for some other very frustrated people and good luck for all those who are still having problems!Tiffany"NOTHING HAS WORKED. I hope you can help me. Here is my HackThis Log file:Logfile of HijackThis v1.99.1Scan saved at 8:38:43 AM, on 03/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\iexeplore.exeC:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\WINDOWS\spool32.exeC:\Program Files\CpuIdle\cpuidle.exeC:\Program Files\ASUS\Asus Probe\AsusProb.exeC:\Program Files\SpyStopper Pro\ssp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Softwin\BitDefender10\bdmcon.exeC:\Program Files\Softwin\BitDefender10\bdagent.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\TaskSwitchXP\TaskSwitchXP.exeC:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeC:\Program Files\DVDIdle Pro\DVDIdlePro.exeC:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exeC:\PROGRA~1\AUSLOG~1\boostspeed.exeC:\Program Files\Creative\MediaSource\GO\CTCMSGo.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\VCOM\PowerDesk\pddlghlp.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Softwin\BitDefender10\vsserv.exeC:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exeC:\Program Files\Azureus\Azureus.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\VCOM\PowerDesk\PDExplo.exeC:\Azureus Completed Files\Browser Stops Working\HiJack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/F2 - REG:system.ini: Shell=explorer.exe iexeplore.exeO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLLO4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exeO4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exeO4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /regO4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeO4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"O4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exeO4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"O4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /QO4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCBO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - HKCU\..\Run: [PcBoost] C:\Program Files\PcBoost\PcBoost.exeO4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exeO4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: E&xport to Microsoft Excel - <a href="res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000" target="_blank">res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000</a>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)And here is my AVG Anti-Spyware v7.5 Log File:---------------------------------------------------------AVG Anti-Spyware - Scan Report---------------------------------------------------------+ Created at: 8:26:18 AM 03/11/2006+ Scan result:C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.C:\Documents and Settings\Administrator\My Documents\My Applications\WGA - RockXP v4.0 - Nov 1 2006 - No Crack Needed\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected] rture[1].txt -> TrackingCookie.Overture : No action taken.C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.::Report endI have Bit Defender v10 installed and it says I am free of virusesThank you very much in advance for your helpEdit | Quote | Quick ReplyderrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy List#2 Report Post to Moderators05-Nov-2006 12:28 PMJSntgRvr's AvatarJSntgRvr JSntgRvr is offline JSntgRvr is authorized to help remove malware.Distinguished MemberPosts: 7,266Join Date: Jul 2003Location: Puerto RicoExperience: AdvancedHi, derrettleeWelcome to TSG.The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.Backing Up Your Registry1. Go Here and download ERUNT(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)2. Install ERUNT by following the prompts(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)3. Start ERUNT(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)4. Choose a location for the backup(the default location is C:\WINDOWS\ERDNT which is acceptable).5. Make sure that at least the first two check boxes are ticked6. Press OK7. Press YES to create the folder.Registry ModificationsDownload the enclosed file:Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Don't do anything with it yet. We will run it shortly.Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.F2 - REG:system.ini: Shell=explorer.exe iexeplore.exeNow close all windows and browsers, other than HiJackThis, then click Fix Checked.Close Hijackthis.Double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.Restart the computer.Click here to download Dr.Web CureIt and save it to your desktop.* Doubleclick the drweb-cureit.exe file and allow to run the express scan* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.* Once the short scan has finished, mark the drives that you want to scan.* Select all drives. A red dot shows which drives have been chosen.* Click the green arrow at the right, and the scan will start.* Click 'Yes to all' if it asks if you want to cure/move the file.* When the scan has finished, look if you can click next icon next to the files found:* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:* This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list* Save the report to your desktop. The report will be called DrWeb.csv* Close Dr.Web Cureit.* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.Attached FilesFile Type: zip Regfix.zip (288 Bytes, 1 views)__________________Sometimes I think I understand everything,then I regain consciousness.If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate HereUnanswered threads for more that 7 days will become stale, and will no longer be part of my subscriptions. If you need the thread to be attended, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.Edit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this messagederrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy List #6 Report Post Unread Today, 01:08 AMderrettlee derrettlee is online nowNew MemberJoin Date: Nov 2006Location: Toronto, CanadaPosts: 5Quote | Quick ReplyJSntgRvrView Public ProfileSend a private message to JSntgRvrFind all posts by JSntgRvrAdd JSntgRvr to Your Buddy List#3 Report Post to Moderators05-Nov-2006 05:15 PM - I Tried You Fixes - Here is the Information You Requestedderrettlee derrettlee is online nowJunior MemberPosts: 2Join Date: Nov 2006Location: Toronto, CanadaExperience: IntermediateTo: JSntgRvr - I Tried Your Fixes - Here Is The Information You WantedFirst, let me thank you very much for your quick reply and your suggestions !!!I followed your instructions and tried your fixes. I am enclosing the new HiJackThis log, however there is no Dr. Web Cureit log as it did not find any viruses and the tab "Save Report List" was grayed out and not active. I will try the Browsers and Thunderbird for a while to see if the fixes worked. I sure hope they do. Again, many thanks.Logfile of HijackThis v1.99.1Scan saved at 4:01:33 PM, on 05/11/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exeC:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEC:\WINDOWS\system32\CTHELPER.EXEC:\Program Files\CpuIdle\cpuidle.exeC:\Program Files\ASUS\Asus Probe\AsusProb.exeC:\Program Files\SpyStopper Pro\ssp.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exeC:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exeC:\Program Files\Softwin\BitDefender10\bdmcon.exeC:\Program Files\Softwin\BitDefender10\bdagent.exeC:\Program Files\TaskSwitchXP\TaskSwitchXP.exeC:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeC:\Program Files\DVDIdle Pro\DVDIdlePro.exeC:\PROGRA~1\AUSLOG~1\boostspeed.exeC:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEC:\Program Files\Logitech\SetPoint\SetPoint.exeC:\Program Files\VCOM\PowerDesk\pddlghlp.exeC:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXEC:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\Program Files\Executive Software\Diskeeper\DkService.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exeC:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exeC:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exeC:\Program Files\Softwin\BitDefender10\vsserv.exeC:\WINDOWS\system32\wuauclt.exeC:\Program Files\VCOM\PowerDesk\PDExplo.exeC:\Azureus Completed Files\ERRORS in System\Browser Stops Working\HiJack This - Run From HDD\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = GoogleO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /rO4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXEO4 - HKLM\..\Run: [CTHelper] CTHELPER.EXEO4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLLO4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /rO4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exeO4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exeO4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exeO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimizedO4 - HKLM\..\Run: [systemBoosterXP] C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exeO4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /regO4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exeO4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exeO4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exeO4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /QO4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXEO4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exeO4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO20 - Winlogon Notify: WgaLogon - C:\WINDOWS\O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exeO23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exeO23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exeO23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exeO23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exeO23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeO23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeO23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exeO23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exeO23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeO23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)Thank You Again !!!Edit | Quote | Quick ReplyderrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy List#4 Report Post to Moderators05-Nov-2006 05:28 PMJSntgRvr's AvatarJSntgRvr JSntgRvr is offline JSntgRvr is authorized to help remove malware.Distinguished MemberPosts: 7,266Join Date: Jul 2003Location: Puerto RicoExperience: AdvancedKeep me posted.__________________Sometimes I think I understand everything,then I regain consciousness.If i have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate HereUnanswered threads for more that 7 days will become stale, and will no longer be part of my subscriptions. If you need the thread to be attended, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.Quote | Quick ReplyJSntgRvrView Public ProfileSend a private message to JSntgRvrFind all posts by JSntgRvrAdd JSntgRvr to Your Buddy List#51 Minute Agoderrettlee derrettlee is online nowJunior MemberPosts: 3Join Date: Nov 2006Location: Toronto, CanadaExperience: IntermediateHello:I am sorry to say that the problem was not fixed. I tried it 6 times and every time after a short period of time which varied from about 5 minutes to 20 minutes Firefox and Thunderbird stopped working while Azureus kept right on going. Do you have any more suggestions??? They would be most welcomed. Thank you.Edit | Quote | Quick ReplyderrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy ListEdit/Delete Message Reply With Quote Multi-Quote This Message Quick reply to this messagederrettleeView Public ProfileSend a private message to derrettleeSend email to derrettleeFind all posts by derrettleeAdd derrettlee to Your Buddy ListReply Quote Link to post Share on other sites
TheTerrorist_75 Posted November 6, 2006 Report Share Posted November 6, 2006 This should be in the Malware Removal section of these forums. I'll see if I can move it there. Quote Link to post Share on other sites
Dragon Posted November 7, 2006 Report Share Posted November 7, 2006 I have combined these two topics since they are the same issue.would you please make a new hijack this log, as the most recent one I see on this is 5/11/06.This will not give us an accurate view of what is going on with your computer since it is 6 months old.I have also looked at the logs you have posted at other pc tech boards and there you are also using old copies of Hijack this log. That is why nothing they are having you to do is working. and all of them are in the last week. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.