| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 90622 | 2008-06-10 06:36:00 | Dodgy WLM | Blam (54) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 677256 | 2008-06-10 06:36:00 | These days WLM randomly shows ups with the "Windows Live messenger has stopped working" thing and WLM crashes. I think I have spyware/adware on my computer but am not sure. Also the weirdest thing is that everybody on my contact list send me something like: nice foto :P http:/rsigmachicken2@hotmail.com And I have asked them and they have said that they have not sent these messages. It has also seemed to have "passed on" to others too as others are starting to see this happen to their WLM too. |
Blam (54) | ||
| 677257 | 2008-06-10 06:54:00 | Also, two more things, when I save a file onto my desktop then edit it then save it again it moves to another place. This is very annoying for me. Second thing is that my sidebar gadgets that I have undocked from the sidebar slowly and mysterious move to the left bit by bit which is very annoying. I think this might be related to two other problems that I've had for quite a while now, 1. When I boot the laptop the loading bar thing with the green blocks moving towards the left thing is now half of the size of what it used to be, it is now tiny but is "sharper" 2. After playing any fullscreen game or application all the undocked sidebar move themselves out of place for no reason. I have a feeling both of these problems are related to resolution. Another problem is that I have 2 "contact folders" and 2 "desktop folders" with totally different things in them! I could do a screen shot but don't know how to show it to u guys cos copy and paste doesn't work! Last problem is that my start search is stuffed up, it can't find anything, have tried all the to rebuild the index or whatever but I have trie everything and it has not worked. HELP PLEASE!! If it helps here is a HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:57:17 p.m., on 10/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\ThpSrv.exe C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\Pixart\Pac7311\Monitor.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\wksvcsc.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\ plugins\com.ibm.productivity.tools.base.app.win32_ 3.0.0.20070913-1045\soffice.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe C:\Windows\explorer.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe C:\Windows\system32\conime.exe G:\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brian's Browser R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = skcproxy R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 67.159.31.4:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\ plugins\com.ibm.productivity.tools.base.app.win32_ 3.0.0.20070913-1045\preload.exe C:\PROGRA~1\IBM\Lotus\Symphony\data\.sodc\ O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\12189\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\IMVU\Run IMVU.lnk (file missing) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.sk.edu O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate1c88e2ea271caa6) (gupdate1c88e2ea271caa6) - Google Inc. - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: roclient - Unknown owner - C:\Program Files\RemoteObserverClient\roclient.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe -- End of file - 10465 bytes |
Blam (54) | ||
| 677258 | 2008-06-10 07:02:00 | hmm this looks suss Tick these then tick fix checked Close browsers This entry looks like its an IRC trojan (www.sophos.com) If this computer logs into IRC, get out of the program / quit it now C:\Windows\wksvcsc.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 67.159.31.4:80 O4 - HKLM\..\Run: [Windows UDP Control Services] wksvcsc.exe O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\12189\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\IMVU\Run IMVU.lnk (file missing) Uninstall all versions of Java, link is in my sig This is for a school is it?? Install something better than Mcafees. Didnt you post a log from this computer before?? Get trojan remover and do a scan with it I thought Vista was MEANT to be more secure than XP? I doubt it, by looking at most of the logs that have been posted in here recently |
Speedy Gonzales (78) | ||
| 677259 | 2008-06-10 07:25:00 | Thanks speedy, and yes, it is for school. btw this one: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 67.159.31.4:80 might be needed to connect to the network at school, should I still remove it? Also, uninstalling mcafee would be quite a big thing for me, are you sure avast would be better? Mcaffee scans in the background (on access scan) which is pretty useful. Skool technicians say Mcaffee is betta. Don't know who to believe! |
Blam (54) | ||
| 677260 | 2008-06-10 07:34:00 | R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 67.159.31.4:80 might be needed to connect to the network at school, should I still remove it? If you are SURE its needed leave it there Also, uninstalling mcafee would be quite a big thing for me, are you sure avast would be better? Mcaffee scans in the background (on access scan) which is pretty useful. Even Avast Home is better than Mcafee (And Symantec for that matter). The free and Pro version also scan in the background. BOTH can also pick up nasties on a network. And if you go to a folder with a nasty in it, it'll alert you, and tell you WHAT it is. And give you an option to delete it / remove it. You can also scan with both in my computer (right mouse / scan). Both also scan email, web sites, Outlook, IM programs, and P2P programs. And rootkits / spyware Most of the logs I've seen in here so far, have 3 things in common. Vista, Mcafees, and Symantec. They're NOT good together |
Speedy Gonzales (78) | ||
| 677261 | 2008-06-10 08:27:00 | Bad new speedy, as soon as someone signed in it came up again Billy says: nice foto :P [edit: link to binary file removed] |
Blam (54) | ||
| 677262 | 2008-06-10 08:35:00 | Did u tick the entries I posted and do a scan with trojan remover? Dont post that link in here, it may infect people if u click on it, after u save it If those 2 entries are still there, disable system restore, wherever it is tick them again then scan the system with trojan remover, or delete them |
Speedy Gonzales (78) | ||
| 677263 | 2008-06-10 08:52:00 | Have done everything you have asked, entries in HijackThis are gone, and Trojanremover found nothing. Also, Java installation failed | Blam (54) | ||
| 677264 | 2008-06-10 08:56:00 | Hmm post an updated HJT log. Then open my computer or whatever Vista has then highlight c right mouse / scan with trojan remover Can you disable system restore if it belongs to a school? |
Speedy Gonzales (78) | ||
| 677265 | 2008-06-10 10:24:00 | Yes, I can (for good purposes) and have scanned C drive already with trojan remover, nothing bad. Here's an updated HijackThis Log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:01:53 p.m., on 10/06/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\ThpSrv.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\Pixart\Pac7311\Monitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Protector Suite QL\psqltray.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe C:\Windows\explorer.exe C:\Windows\system32\conime.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Glary Utilities\Integrator.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Mozilla Firefox 3 Beta 5\firefox.exe C:\PROGRA~1\TROJAN~1\RMVTRJAN.EXE C:\PROGRA~1\TROJAN~1\RMVTRJAN.EXE D:\Documents\Home Folder\My Software\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotinfolink.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Brian's Browser R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,AutoConfigURL = skcproxy R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 67.159.31.4:80 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ThpSrv] C:\Windows\system32\thpsrv /logon O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [PAC7311_Monitor] C:\Windows\PixArt\PAC7311\Monitor.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll O9 - Extra 'Tools' menuitem: &Google Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.3.14.2\gears.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = student.sk.edu O17 - HKLM\Software\..\Telephony: DomainName = student.sk.edu O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = student.sk.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = student.sk.edu O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Update Service (gupdate1c88e2ea271caa6) (gupdate1c88e2ea271caa6) - Google Inc. - C:\Program Files\Google\Update\1.1.25.0\GoogleUpdate.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee McShield (McShield) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (file missing) O23 - Service: McAfee Task Manager (McTaskManager) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (file missing) O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: roclient - Unknown owner - C:\Program Files\RemoteObserverClient\roclient.exe O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\Windows\system32\ThpSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: Websense Desktop Client (WebsenseDesktopClient) - Websense - C:\Program Files\PMM\WDC.exe -- End of file - 8920 bytes |
Blam (54) | ||
| 1 2 | |||||