Firefox, Thunderbird And IE Stop Working - Azureus Keeps Working



Hello:

I am having a problem with my browsers (IE, Firefox and Thunderbird): they stop working a short period of time after I start them. This time varies from start to start. My other internet programs like Azureus keep working. When I restart Windows the browsers work again for a short time and then stop again. I have tried the following:

FIRST THING I TRIED:

From Posted Topic on website:

"I'd been having a similar problem...the web browser would stop working after 15-20 minutes of internet activity. It took me about 2 minutes to fix following a fairly simple procedure.

The problem for me was that the DNS cache overflowed after a little while, so I simply added registry keys to prevent caching. This can be done as follows:

1. First thing you need to do is clear your current cache. At the command prompt (Run -> command) type in ipconfig /flushdns If everything went well ipconfig should spit out a line about successfully flushing the cache.

2. Now get into the registry editor (Run -> regedit). Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

3. Right click in the space to the right and select New -> DWORD Value. Name the DWORD MaxCacheTtl and make sure its value is 0. Values can be changed simply by double-clicking on the DWORD.

4. Create another new DWORD. Name this one MaxNegativeCacheTtl and again make sure its value is 0.

5. Close regedit and restart."

SECOND THING I TRIED:

"winsockxpfix.exe"

WinSock XP Fix 1.2

Fixes the winsock settings on your Windows XP machine. This tool is recommended for IT professionals only. Please read license.

It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.

If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.

It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."

THE THIRD THING I TRIED

Post from Topic on Web Site

"Had the same problem but found a VERY simple fix

Hi everyone,

Just wanted to let you know that after I posted my extensive info on my own similar experience, I have found a simple and easy fix that I hope will help everyone else out as well.

I had been on several forums and sites that had suggested the following:

Go to My Network Places

View Network Connections

Then view the Properties of each connection you have and under the "Authentication" tab, make sure that the "Enable network access control using IEEE 802.1x" box is NOT checked.

I had tried this before but only did it on my LAN connection which didn't eliminate the problem. But when I also did the same on my network bridge, the problem was fixed (knock on wood).

Sometimes when new software is installed or uninstalled, it defaults back to being checked and I think this was my problem last week...

Hope this simple fix works for some other very frustrated people and good luck for all those who are still having problems!

Tiffany"

NOTHING HAS WORKED. I hope you can help me. Here is my HijackThis Log file:

Logfile of HijackThis v1.99.1

Scan saved at 8:38:43 AM, on 03/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\iexeplore.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\spool32.exe

C:\Program Files\CpuIdle\cpuidle.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\Program Files\SpyStopper Pro\ssp.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Program Files\DVDIdle Pro\DVDIdlePro.exe

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\PROGRA~1\AUSLOG~1\boostspeed.exe

C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\VCOM\PowerDesk\PDExplo.exe

C:\Azureus Completed Files\Browser Stops Working\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

F2 - REG:system.ini: Shell=explorer.exe iexeplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"

O4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exe

O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /Q

O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [PcBoost] C:\Program Files\PcBoost\PcBoost.exe

O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

And here is my AVG Anti-Spyware v7.5 Log File:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 8:26:18 AM 03/11/2006

+ Scan result:

C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.

C:\Documents and Settings\Administrator\My Documents\My Applications\WGA - RockXP v4.0 - Nov 1 2006 - No Crack Needed\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.

::Report end

I have Bit Defender v10 installed and it says I am free of viruses

Thank you very much in advance for your help


Some other people are trying to help me so I have included the thread of these posts.

Let me thank you in advance for any help or suggestion.

Yesterday, 01:16 PM

derrettlee

New Member

Join Date: Nov 2006

Location: Toronto, Canada

Posts: 1

Firefox, Thunderbird and IE Stop Working Azureus Keeps Working


#2

Yesterday, 11:05 PM

AnnMarie

Moderator

Join Date: Oct 2001

Location: New Zealand

Posts: 33,271

Welcome to CTH derrettlee. I can see a malware startup in your log and a malware file in your running processes.

Before we start fixing your problem I would like to see if any other startups are involved. To do this, I need to see another type of log please. Go here and download Silent Runners.vbs to a new folder on your Desktop (clicking the download link works if you use IE; if you use Firefox, right-click on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (make sure you wait for the popups please). Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.

In the meantime, I'll move your topic to the CyberSafety Forum.

__________________

Moderator: Cyber Safety Forum

Microsoft MVP - Windows Shell/User 2004/2005/2006

Please do not send me Emails or Private Messages for personal support. Last time I checked, there were still only 24 hours in a day. Thank you.

How to help prevent re-infection
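
Added example (not part of the original thread, and not the moderator's or HijackThis's own method): a Python triage pass over HijackThis output like the log posted above. It flags, for human review, any F2 `Shell=` value that launches something besides explorer.exe, any running process started by that value, and process names one edit away from a well-known Windows binary. The function names, the `KNOWN` list and the distance threshold are assumptions of this example; the sample lines are copied from the posted log.

```python
import re
from ntpath import basename  # Windows path semantics on any OS

# Well-known Windows image names (assumed reference list; extend as needed).
KNOWN = {"explorer.exe", "iexplore.exe", "svchost.exe", "spoolsv.exe",
         "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\iexeplore.exe
C:\WINDOWS\spool32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
F2 - REG:system.ini: Shell=explorer.exe iexeplore.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def parse(log_text):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # forum copies are often double-spaced
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line)  # R0, F2, O4, O23, ...
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def shell_extras(entries):
    """Programs an F2 'Shell=' value starts in addition to explorer.exe."""
    extras = []
    for code, body in entries:
        m = re.search(r"Shell=(.*)$", body, re.IGNORECASE)
        if code == "F2" and m:
            tokens = m.group(1).replace(",", " ").split()
            extras += [t for t in tokens if basename(t).lower() != "explorer.exe"]
    return extras


def lookalikes(processes):
    """Running images whose name is exactly one edit away from a KNOWN name."""
    hits = []
    for path in processes:
        name = basename(path).lower()
        if name in KNOWN:
            continue
        for known in sorted(KNOWN):
            if edit_distance(name, known) == 1:
                hits.append((path, known))
                break
    return hits


def triage(log_text):
    """Run all checks and return the findings to review by hand."""
    processes, entries = parse(log_text)
    extras = shell_extras(entries)
    started = {basename(e).lower() for e in extras}
    return {
        "shell_extras": extras,
        "running_from_shell": [p for p in processes if basename(p).lower() in started],
        "lookalikes": lookalikes(processes),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LOG).items():
        print(check, findings)
```

A hit is a reason to inspect the file, not a verdict. Splitting the `Shell=` value on whitespace is a simplification: a value containing a quoted path with spaces would need a proper command-line splitter.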


#3

Today, 01:03 AM

derrettlee

New Member

Join Date: Nov 2006

Location: Toronto, Canada

Posts: 2

First let me thank you for replying to my post. It is greatly appreciated. Here is the log from silentrunners. I have also included at the end the transcript from another suggested fix that someone suggested I try. Unfortunately it did not work, however, it will bring you up to date on the current state of my system. Your silentrunners log was done after this fix was tried.

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"TaskSwitchXP" = "C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" ["Alexander Avdonin"]

"SkinClock" = "C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [null data]

"DVDIdle Pro Application" = "C:\Program Files\DVDIdle Pro\DVDIdlePro.exe" ["Fengtao Software Inc."]

"BoostSpeed" = ""C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /Q" ["AusLogics, Inc."]

"RemoteCenter" = "C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE " ["Creative Technology Ltd"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTSysVol" = "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]

"CTDVDDET" = "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" ["Creative Technology Ltd"]

"CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"]

"AsioReg" = "REGSVR32.EXE /S CTASIO.DLL" [MS]

"SBDrvDet" = "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r" ["Creative Technology Ltd"]

"CpuIdle" = "C:\Program Files\CpuIdle\cpuidle.exe" ["Andreas Goetz"]

"ASUS Probe" = "C:\Program Files\ASUS\Asus Probe\AsusProb.exe" [null data]

"SpyStopperPro" = "C:\Program Files\SpyStopper Pro\ssp.exe" ["InfoWorks Technology Company "]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]

"SystemBoosterXP" = "C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe" [empty string]

"BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]

"BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\ {++}

"Flag" = hex:0x00000002

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "AcroIEHlprObj Class"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {HKLM...CLSID} = "Display Panning CPL Extension"

\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {HKLM...CLSID} = "Portable Media Devices Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS]

"{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

"{0A435D73-6459-4b87-971D-0EEBFD2495BA}" = "ContextAttrib"

-> {HKLM...CLSID} = "ContextAttrib"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextAttrib.dll" ["Grigri"]

"{00537963-0001-0001-0004-00c0dfe64a64}" = "Command Box Context Menu Handler"

-> {HKLM...CLSID} = "Command Box Context Menu Handler"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\cmdhere.dll" ["Synesis Software (Pty) Ltd"]

"{25D84CB0-7345-11D3-A4A1-0080C8ECFED4}" = "DLL Registerer"

-> {HKLM...CLSID} = "DLL Registerer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\dllregshex.dll" ["See 'About...' box after this DLL is registered."]

"{DD23BD50-C784-4557-BE82-1B3FDDB22CA5}" = "BrowserBack Extension"

-> {HKLM...CLSID} = "BrowserBackExt Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\BrowserBack.dll" [empty string]

"{A0F26623-302C-41E1-B00C-04EE54A3188C}" = "SelectAll Extension"

-> {HKLM...CLSID} = "SelectAllExt Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\SelectAll.dll" [empty string]

"{AC67E92C-D916-4058-A7B8-0913746592F4}" = "HiddenFilesToggle Extension"

-> {HKLM...CLSID} = "HiddenFilesToggleExt Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\HiddenFilesToggle.dll" [empty string]

"{D8E899D8-A7B3-449C-BFDF-761FC5826313}" = "FileExtToggle Extension"

-> {HKLM...CLSID} = "FileExtToggleExt Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\FileExtToggle.dll" [empty string]

"{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}" = "ContextMenuExt Extension"

-> {HKLM...CLSID} = "ContextMenuExt Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll" [null data]

"{97F6E51A-2934-4297-B06C-1CCCA326C5E6}" = "Find Target 2"

-> {HKLM...CLSID} = "SHFindTarget Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\FindTarget.dll" [empty string]

"{00537963-0001-0002-0004-00c0dfe64a64}" = "File Case Context Menu Handler"

-> {HKLM...CLSID} = "File Case Context Menu Handler"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\MEFlCase.dll" ["Synesis Software (Pty) Ltd"]

"{00537963-0001-0004-0004-00c0dfe64a64}" = "Run Program Context Menu Handler"

-> {HKLM...CLSID} = "Run Program Context Menu Handler"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\MERunPrg.dll" ["Synesis Software (Pty) Ltd"]

"{67C63340-679B-11D2-92EE-000021474C11}" = "OpenExpert Extensions"

-> {HKLM...CLSID} = "OpenExpert Extensions"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\OpenExpert.dll" [null data]

"{1530f7ee-5128-43bd-9977-84a4b0fad7df}" = "Photo Resizing PowerToy"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\phototoys.dll" [MS]

"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

"{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete"

-> {HKLM...CLSID} = "IE Microsoft AutoComplete"

\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]

"{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band"

-> {HKLM...CLSID} = "History Band"

\InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]

"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"

-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"

-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

"{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}" = "RXDCExtShlExt extension"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]

"{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"

-> {HKLM...CLSID} = "Roxio DragToDisc Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Roxio\Drag-to-Disc\Shellex.dll" ["Sonic Solutions"]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]

"{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

"{CCA60260-A2C9-11D2-BA62-0020188191B2}" = "Registrar Registry Manager SHell Extension"

-> {HKLM...CLSID} = "Registrar Registry Manager SHell Extension"

\InProcServer32\(Default) = "rrShellX.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

<<!>> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" = "Microsoft AntiMalware ShellExecuteHook"

-> {HKLM...CLSID} = "Microsoft AntiMalware ShellExecuteHook"

\InProcServer32\(Default) = "C:\PROGRA~1\WIFD1F~1\MpShHook.dll" [MS]

<<!>> "{93994DE8-8239-4655-B1D1-5F4E91300429}" = (no title provided)

-> {HKLM...CLSID} = "DVDIdleShell Class"

\InProcServer32\(Default) = "C:\Program Files\DVDIdle Pro\DVDShell.dll" ["Fengtao Software Inc."]

<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"

-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\

<<!>> "AppInit_DLLs" = "sockspy.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\PROTOCOLS\Filter\

<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\

{0BC1E559-9D68-4E99-AFD9-98D27DAB971D}\(Default) = "TreeSize FolderSizeColumn"

-> {HKLM...CLSID} = "ColHandler"

\InProcServer32\(Default) = "C:\PROGRA~1\JAMSOF~1\TREESI~1\FSizeCol.dll" ["JAM Software"]

{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"

-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"

\InProcServer32\(Default) = "C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}\(Default) = "{9D4E3F43-DB97-40D6-BDCB-7C9CFC69E222}"

-> {HKLM...CLSID} = "Softpointer Column Handler"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\AUDIOS~1.DLL" ["Softpointer Inc"]

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

ACShell\(Default) = "{D3F9A525-8824-497A-BE36-B23E22F141FC}"

-> {HKLM...CLSID} = "Attribute Changer Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Attribute Changer\acshell.dll" ["Romain Petges"]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

ContextAttrib\(Default) = "{0A435D73-6459-4b87-971D-0EEBFD2495BA}"

-> {HKLM...CLSID} = "ContextAttrib"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextAttrib.dll" ["Grigri"]

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

-> {HKLM...CLSID} = "ContextMenuExt Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll" [null data]

File Case Context Menu Handler\(Default) = "{00537963-0001-0002-0004-00c0dfe64a64}"

-> {HKLM...CLSID} = "File Case Context Menu Handler"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\MEFlCase.dll" ["Synesis Software (Pty) Ltd"]

Ninotech Date Edit\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDD}"

-> {HKLM...CLSID} = "Ninotech Date Edit Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\DateEd32.dll" ["Ninotech"]

Ninotech Path Copy\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDE}"

-> {HKLM...CLSID} = "Ninotech Path Copy Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\PathCo32.dll" ["Ninotech"]

PowerDesk Menu\(Default) = "{26E7F081-EB97-11d3-9239-006008D2D00F}"

-> {HKLM...CLSID} = "PowerDesk ZIP Extension"

\InProcServer32\(Default) = "C:\Program Files\VCOM\PowerDesk\PDShExt.dll" ["V Communications, Inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]

{67C63340-679B-11D2-92EE-000021474C11}\(Default) = "{67C63340-679B-11D2-92EE-000021474C11}"

-> {HKLM...CLSID} = "OpenExpert Extensions"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\OpenExpert.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"

-> {HKLM...CLSID} = "7-Zip Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]

ACShell\(Default) = "{D3F9A525-8824-497A-BE36-B23E22F141FC}"

-> {HKLM...CLSID} = "Attribute Changer Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Attribute Changer\acshell.dll" ["Romain Petges"]

AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"

-> {HKLM...CLSID} = "CContextScan Object"

\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]

Command Box Context Menu Handler\(Default) = "{00537963-0001-0001-0004-00c0dfe64a64}"

-> {HKLM...CLSID} = "Command Box Context Menu Handler"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\cmdhere.dll" ["Synesis Software (Pty) Ltd"]

ContextAttrib\(Default) = "{0A435D73-6459-4b87-971D-0EEBFD2495BA}"

-> {HKLM...CLSID} = "ContextAttrib"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextAttrib.dll" ["Grigri"]

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

-> {HKLM...CLSID} = "ContextMenuExt Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll" [null data]

Ninotech Date Edit\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDD}"

-> {HKLM...CLSID} = "Ninotech Date Edit Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\DateEd32.dll" ["Ninotech"]

Ninotech Path Copy\(Default) = "{EECEEFEE-3DF7-11D0-9576-0000837A2FDE}"

-> {HKLM...CLSID} = "Ninotech Path Copy Shell Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\PathCo32.dll" ["Ninotech"]

PowerDesk Menu\(Default) = "{26E7F081-EB97-11d3-9239-006008D2D00F}"

-> {HKLM...CLSID} = "PowerDesk ZIP Extension"

\InProcServer32\(Default) = "C:\Program Files\VCOM\PowerDesk\PDShExt.dll" ["V Communications, Inc."]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"

-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"

\InProcServer32\(Default) = ""C:\Program Files\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

CopyMoveTo\(Default) = "{51131DA7-1D24-40e5-AE07-5E3750F5DE3C}"

-> {HKLM...CLSID} = "ContextMenuExt Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\ShellExt\ContextMenuExt.dll" [null data]

PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}"

-> {HKLM...CLSID} = "PowerISO"

\InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" ["PowerISO Computing, Inc."]

RXDCExtSvr\(Default) = "{0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll" ["Sonic Solutions"]

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]

WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"

-> {HKLM...CLSID} = "WinRAR"

\InProcServer32\(Default) = "C:\Program Files\Utilities\WinRAR\RarExt.dll" [null data]

HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}"

-> {HKLM...CLSID} = "UnlockerShellExtension"

\InProcServer32\(Default) = "C:\Program Files\Unlocker\UnlockerCOM.dll" [null data]


Default executables:

--------------------

<<!>> HKLM\Software\Classes\scrfile\shell\open\command\(Default) = ""%1" %*" [file not found]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoSharedDocuments" = (REG_DWORD) hex:0x00000001

{User Configuration|Administrative Templates|Windows Components|Windows Explorer|

Remove Shared Documents from My Computer}

"NoRecentDocsMenu" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"NoRecentDocsHistory" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"NoSMConfigurePrograms" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

"_NoDriveTypeAutoRun" = (REG_DWORD) hex:0x00000091

{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoDesktopCleanupWizard" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"ForceClassicControlPanel" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

"NoCDBurning" = (REG_DWORD) hex:0x00000000

{unrecognized setting}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"DisableTaskMgr" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|

Remove Task Manager}

"DisableRegistryTools" = (REG_SZ) 0

{User Configuration|Administrative Templates|System|

Prevent access to registry editing tools}

HKCU\Software\Policies\Microsoft\Windows\System\

"DisableCMD" = (REG_DWORD) hex:0x00000000

{User Configuration|Administrative Templates|System|

Disable the command prompt}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001

{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|

Devices: Allow undock without having to log on}

"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\WINDOWS\web\wallpaper\Bliss.bmp"

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup

"Dialog Helper" -> shortcut to: "C:\Program Files\VCOM\PowerDesk\pddlghlp.exe /s" ["V Communications, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]

Enabled Scheduled Tasks:

------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

"MP Scheduled Scan" -> launches: "C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges" [MS]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"

Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]

InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\

"ButtonText" = "Research"

Miscellaneous IE Hijack Points

------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]

AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."]

BitDefender Communicator, XCOMM, ""C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]

BitDefender Desktop Update Service, LIVESRV, ""C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service" ["SOFTWIN S.R.L."]

BitDefender Scan Server, bdss, ""C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]

BitDefender Virus Shield, VSSERV, ""C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service" ["SOFTWIN S.R.L."]

Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.exe" ["Creative Technology Ltd"]

Diskeeper, Diskeeper, ""C:\Program Files\Executive Software\Diskeeper\DkService.exe"" ["Executive Software International, Inc."]

Ulead Burning Helper, UleadBurningHelper, "C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe" ["Ulead Systems, Inc."]

Windows Defender, WinDefend, ""C:\Program Files\Windows Defender\MsMpEng.exe"" [MS]

WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]

Print Monitors:

---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\

730 Series Port\Driver = "lxcflmpm.DLL" [empty string]

Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]

----------

<<!>>: Suspicious data at a malware launch point.

<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ To search all directories of local fixed drives for DESKTOP.INI

DLL launch points, use the -supp parameter or answer "No" at the

first message box and "Yes" at the second message box.

---------- (total run time: 65 seconds, including 18 seconds for message boxes)

THE TRANSCRIPT IS IN THE NEXT POST


HERE IS THE TRANSCRIPT - PART 2 OF MY POST


05-Nov-2006 12:16 PM - Firefox, Thunderbird and IE Stop Working Azureus Keeps Working


Hello:

I am having a problem with my Browsers (both IE, Firefox and Thunderbird) stop working after a short period of time after starting them. This time varies from start to start. My other internet programs like Azureus keep working. When I restart windows the Browsers work again for a short time and then stop again. I have tried the following:

FIRST THING I TRIED:

From Posted Topic on website:

"I'd been having a similar problem...the web browser would stop working after 15-20 minutes of internet activity. It took me about 2 minutes to fix following a fairly simple procedure.

The problem for me was that the DNS cache overflowed after a little while, so I simply added registry keys to prevent caching. This can be done as follows:

1. First thing you need to do is clear your current cache. At the command prompt (Run -> command) type in ipconfig /flushdns If everything went well ipconfig should spit out a line about successfully flushing the cache.

2. Now get into the registry editor (Run -> regedit). Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

3. Right click in the space to the right and select New -> DWORD Value. Name the DWORD MaxCacheTtl and make sure its value is 0. Values can be changed simply by double-clicking on the DWORD.

4. Create another new DWORD. Name this one MaxNegativeCacheTtl and again make sure its value is 0.

5. Close regedit and restart."

SECOND THING I TRIED:

"winsockxpfix.exe"

WinSock XP Fix 1.2

Fixes the winsock settings on your Windows XP machine. This tool is recommended for IT professionals only. Please read license.

It can often cure the problem of lost connections after the removal of Adware components or improper uninstall of firewall applications or other tools that modify the XP network and Winsock settings.

If you encounter connection problems after removing network related software, Adware or after registry clean-up; and all other ways fail, then give WinSock XP Fix a try.

It can create a registry backup of your current settings, so it is fairly safe to use. We actually tested it on a test machine that was having a Winsock problem due to some Adware removal, and after running the utility and rebooting, the connectivity was restored."

THE THIRD THING I TRIED

Post from Topic on Web Site

"Had the same problem but found a VERY simple fix

Hi everyone,

Just wanted to let you know that after I posted my extensive info on my own similar experience, I have found a simple and easy fix that I hope will help everyone else out as well.

I had been on several forums and sites that had suggested the following:

Go to My Network Places

View Network Connections

Then view the Properties of each connection you have and under the "Authentication" tab, make sure that the "Enable network access control using IEEE 802.1x" box is NOT checked.

I had tried this before but only did it on my LAN connection which didn't eliminate the problem. But when I also did the same on my network bridge, the problem was fixed (knock on wood).

Sometimes when new software is installed or uninstalled, it defaults back to being checked and I think this was my problem last week...

Hope this simple fix works for some other very frustrated people and good luck for all those who are still having problems!

Tiffany"

NOTHING HAS WORKED. I hope you can help me. Here is my HijackThis Log file:

Logfile of HijackThis v1.99.1

Scan saved at 8:38:43 AM, on 03/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\iexeplore.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\spool32.exe

C:\Program Files\CpuIdle\cpuidle.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\Program Files\SpyStopper Pro\ssp.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Program Files\DVDIdle Pro\DVDIdlePro.exe

C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe

C:\PROGRA~1\AUSLOG~1\boostspeed.exe

C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\Program Files\Azureus Ultra Accelerator\Azureus Ultra Accelerator.exe

C:\Program Files\Azureus\Azureus.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\VCOM\PowerDesk\PDExplo.exe

C:\Azureus Completed Files\Browser Stops Working\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

F2 - REG:system.ini: Shell=explorer.exe iexeplore.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU\..\Run: [spyEmergency] "C:\Program Files\Netgate\Spy Emergency 2006\SpyEmergency.exe"

O4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exe

O4 - HKCU\..\Run: [sMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"

O4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /Q

O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe /SCB

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - HKCU\..\Run: [PcBoost] C:\Program Files\PcBoost\PcBoost.exe

O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

O4 - Startup: HDDlife.lnk = C:\Program Files\BinarySense\HDDlife\HDDlifePro.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

And here is my AVG Anti-Spyware v7.5 Log File:

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 8:26:18 AM 03/11/2006

+ Scan result:

C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.

C:\Documents and Settings\Administrator\My Documents\My Applications\WGA - RockXP v4.0 - Nov 1 2006 - No Crack Needed\RockXP4.exe/pwdump2\pwdump2.exe -> Not-A-Virus.PSWTool.Win32.PWDump.2 : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\pwdump2\samdump.dll -> Not-A-Virus.PSWTool.Win32.PWDump2 : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected] rture[1].txt -> TrackingCookie.Overture : No action taken.

C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Overture : No action taken.

::Report end

I have Bit Defender v10 installed and it says I am free of viruses

Thank you very much in advance for your help

#2

05-Nov-2006 12:28 PM

JSntgRvr (authorized to help remove malware)

Hi, derrettlee

Welcome to TSG.

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

1. Go Here and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Registry Modifications

Download the enclosed file:

Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Don't do anything with it yet. We will run it shortly.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=explorer.exe iexeplore.exe

Now close all windows and browsers, other than HiJackThis, then click Fix Checked.

Close Hijackthis.

Double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Restart the computer.

Click here to download Dr.Web CureIt and save it to your desktop.

* Double-click the drweb-cureit.exe file and allow it to run the express scan

* This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.

* Once the short scan has finished, mark the drives that you want to scan.

* Select all drives. A red dot shows which drives have been chosen.

* Click the green arrow at the right, and the scan will start.

* Click 'Yes to all' if it asks if you want to cure/move the file.

* When the scan has finished, look if you can click next icon next to the files found:

* If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

* This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)

* After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list

* Save the report to your desktop. The report will be called DrWeb.csv

* Close Dr.Web Cureit.

* Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

* After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.

Attached Files

File Type: zip Regfix.zip (288 Bytes, 1 views)

__________________

Sometimes I think I understand everything,

then I regain consciousness.

If I have helped you, please make a donation to keep the site running. All proceeds go directly to the site!!! Donate Here

Unanswered threads for more than 7 days will become stale, and will no longer be part of my subscriptions. If you need the thread to be attended, please send me a Private Message. This applies only to the original thread starter. Everyone else please begin a New Thread.
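The F2 line singled out in the reply above has a Shell value that starts a second program next to explorer.exe, with a name one letter off from iexplore.exe. The following Python script is an added example (not part of the thread and not HijackThis code) that scans a log for F2 entries carrying unexpected programs and notes near-miss names; the expected values and the list of well-known names are assumptions.

```python
import difflib
import ntpath
import re

# Assumption: values expected on a stock Windows XP install for the two
# Winlogon settings that HijackThis reports as F2 entries.
EXPECTED = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

# Assumption: a short, illustrative list of well-known Windows binary names,
# used only to spot near-miss spellings.
WELL_KNOWN = ["explorer.exe", "iexplore.exe", "userinit.exe", "svchost.exe",
              "winlogon.exe", "services.exe", "lsass.exe"]

F2_RE = re.compile(r"^F2 - REG:system\.ini:\s*(Shell|UserInit)=(.*)$", re.I)


def parse_f2(line):
    """Return (setting, [programs]) for an F2 line, or None for any other line."""
    m = F2_RE.match(line.strip())
    if not m:
        return None
    # Shell values are space separated, UserInit values comma separated.
    # Limitation: an unquoted path containing spaces is split into pieces.
    programs = [p for p in re.split(r"[,\s]+", m.group(2)) if p]
    return m.group(1).lower(), programs


def lookalike(name):
    """Return the well-known name that `name` nearly matches, or None."""
    name = name.lower()
    if name in WELL_KNOWN:
        return None
    close = difflib.get_close_matches(name, WELL_KNOWN, n=1, cutoff=0.85)
    return close[0] if close else None


def triage(log_text):
    """List (program, resembles) for every unexpected F2 program in a log."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_f2(line)
        if parsed is None:
            continue
        setting, programs = parsed
        for prog in programs:
            base = ntpath.basename(prog).lower()
            if base not in EXPECTED[setting]:
                findings.append((prog, lookalike(base)))
    return findings


# Constructed samples built from lines quoted in this thread.
BEFORE_FIX = r"""
F2 - REG:system.ini: Shell=explorer.exe iexeplore.exe
O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe
"""
AFTER_FIX = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe
"""

if __name__ == "__main__":
    print("before:", triage(BEFORE_FIX))
    print("after: ", triage(AFTER_FIX))
```

Running the same check on the log taken after the fix confirms whether the F2 entry is gone, which is what the follow-up log request is meant to show.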

#3

05-Nov-2006 05:15 PM - I Tried You Fixes - Here is the Information You Requested

derrettlee

To: JSntgRvr - I Tried Your Fixes - Here Is The Information You Wanted

First, let me thank you very much for your quick reply and your suggestions !!!

I followed your instructions and tried your fixes. I am enclosing the new HiJackThis log, however there is no Dr. Web Cureit log as it did not find any viruses and the tab "Save Report List" was grayed out and not active. I will try the Browsers and Thunderbird for a while to see if the fixes worked. I sure hope they do. Again, many thanks.

Logfile of HijackThis v1.99.1

Scan saved at 4:01:33 PM, on 05/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

C:\WINDOWS\system32\CTHELPER.EXE

C:\Program Files\CpuIdle\cpuidle.exe

C:\Program Files\ASUS\Asus Probe\AsusProb.exe

C:\Program Files\SpyStopper Pro\ssp.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe

C:\Program Files\Softwin\BitDefender10\bdmcon.exe

C:\Program Files\Softwin\BitDefender10\bdagent.exe

C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

C:\Program Files\DVDIdle Pro\DVDIdlePro.exe

C:\PROGRA~1\AUSLOG~1\boostspeed.exe

C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe

C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender10\vsserv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\VCOM\PowerDesk\PDExplo.exe

C:\Azureus Completed Files\ERRORS in System\Browser Stops Working\HiJack This - Run From HDD\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL

O4 - HKLM\..\Run: [sBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r

O4 - HKLM\..\Run: [CpuIdle] C:\Program Files\CpuIdle\cpuidle.exe

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe

O4 - HKLM\..\Run: [spyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [systemBoosterXP] C:\Program Files\DiskTrix\SystemBooster2\SystemBooster.exe

O4 - HKLM\..\Run: [bDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"

O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe

O4 - HKCU\..\Run: [skinClock] C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe

O4 - HKCU\..\Run: [DVDIdle Pro Application] C:\Program Files\DVDIdle Pro\DVDIdlePro.exe

O4 - HKCU\..\Run: [boostSpeed] "C:\PROGRA~1\AUSLOG~1\boostspeed.exe" /Q

O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE

O4 - Startup: Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)

O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Thank You Again !!!

#4

05-Nov-2006 05:28 PM

JSntgRvr (authorized to help remove malware)

Keep me posted.

#5

1 Minute Ago

derrettlee

Hello:

I am sorry to say that the problem was not fixed. I tried it 6 times and every time after a short period of time which varied from about 5 minutes to 20 minutes Firefox and Thunderbird stopped working while Azureus kept right on going. Do you have any more suggestions??? They would be most welcomed. Thank you.


I have combined these two topics since they are the same issue.

Would you please make a new HijackThis log, as the most recent one I see on this is 5/11/06.

This will not give us an accurate view of what is going on with your computer since it is 6 months old.

I have also looked at the logs you have posted at other PC tech boards and there you are also using old copies of HijackThis logs. That is why nothing they are having you do is working, and all of them are in the last week.
