| Thread ID: 80649 | 2007-06-30 18:14:00 | Internet explorer error. ntdll.dll | dbltap (12482) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 564638 | 2007-06-30 18:14:00 | Hope somebody can help me here. I recently followed the directions listed on these forums for a similar problem, but it didn't cure mine. Every time I go to close an internet window I get the following error: "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience." Under the details of the error, this is what I get: AppName: iexplore.exe AppVer: 7.0.6000.16473 ModName: ntdll.dll ModVer: 5.1.2600.2180 Offset: 00001010 In trying to fix it I have completed all steps in the Tuneup Utilities 2004, I have run Max Registry cleaner (and fixed 1990 errors!!!), I have defragged my machine, and installed and run Hijackthis_V2 and SmitRem (I did this based on a post on this forum site). Even after doing all of this, I keep getting the same Internet Explorer error message!!! I really have no clue what to do, and as you guys can probably tell - I'm not all that computer savvy. It's the same as with my car - I can change the oil, and do the basics...but, I'm no mechanic!! |
dbltap (12482) | ||
| 564639 | 2007-06-30 19:26:00 | Copy and paste the hijackthis log u did here. It's most probably one of those registry programs you used that made it worse. Post the log and reinstall IE 7 if u haven't tried this yet. Just don't get too carried away with those registry fix programs. |
Speedy Gonzales (78) | ||
| 564640 | 2007-06-30 20:33:00 | Speedy, thanks for the quick reply. Here's the Hijackthis log that you wanted. Hopefully you can make something out of all that mumbo-jumbo. |
dbltap (12482) | ||
| 564641 | 2007-06-30 21:50:00 | Ok, put hijackthis in its own folder first, run it again, tick these entries, then tick fix checked. Close browser/s. O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {89F82DC4-E42A-EAF5-2221-9B5B5E2163C6} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [RCAutoLiveUpdate] C:\Program Files\Max Registry Cleaner\MaxLiveUpdateRC.exe -AUTO O4 - HKLM\..\Run: [RCSystemTray] C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe This may have been the prob O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - a19.g.akamai.net I would remove / uninstall those registry fix programs, and get Ccleaner (http://www.ccleaner.com). It removes temp files etc as well as invalid entries in the registry. Then reboot, then see if IE crashes. |
Speedy Gonzales (78) | ||
| 564642 | 2007-08-03 08:52:00 | Copy and paste the hijackthis log u did here. It's most probably one of those registry programs you used that made it worse. Post the log and reinstall IE 7 if u haven't tried this yet. Just don't get too carried away with those registry fix programs. Speedy, please help me. I have the same question as dbltap. I have used the ways which you told dbltap on the page, then I pasted my result for you. Please help me to determine my problems. Thanks. |
jeaonson (12483) | ||
| 564643 | 2007-08-03 09:18:00 | Run HijackThis again, tick these entries, then tick fix checked. Do you know what this does? C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe I know it's a plugin, but what does it do? Uninstall this, it may contain adware O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" Safe O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe Not too sure what this does O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h Safe O4 - HKLM\..\Run: [RemoteControl] ; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" May install adware O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart If you want to use this, install MSN Messenger instead.
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [FreeRAM XP] ; "C:\DOCUME~1\林靜怡\LOCALS~1\Temp\Rar$EX00.094\FreeRAM XP Pro 1.40.exe" -win O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - www.mybank.com.tw O16 - DPF: {2B38E40E-977D-4767-919C-2AA29C041618} (BOT Class) - ebank.bot.com.tw O16 - DPF: {5633A16D-D67C-11D4-8B44-0000E88F2063} (ImportExport Class) - etrade.tachan.com.tw O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - www.mybank.com.tw O16 - DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} (CTCBWebATM Control) - family.chinatrust.com.tw O16 - DPF: {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} (SendOrder Class) - ekey.bisc.com.tw O16 - DPF: {8F566902-147A-450F-A492-357155B73836} (DirObj Class) - ekey.bisc.com.tw O16 - DPF: {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} (TRUSTATMPOST Control) - webatm.post.gov.tw O16 - DPF: {CEB9866E-C394-4230-82CB-407E7DCED7C7} (Helper Class) - www.moneydj.com O16 - DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} (TCB EATM Object) - eatm.tcb-bank.com.tw Is this a Chinese / some other version of Windows? Reboot then see if things are ok. Umm do you log onto a bank? mybank.com.tw?? |
Speedy Gonzales (78) | ||
| 564644 | 2007-08-08 06:06:00 | Don't bother with IE7, people; try Apple Safari or Mozilla Firefox. Those two are better alternatives to IE7. msnplugin.exe is perfectly fine; apparently it is safe and for app procedures, as stated on this site. It also scans it for you to find errors: translate.google.com |
timmy101 (12484) | ||
| 564645 | 2007-08-16 06:03:00 | Speedy Gonzales, thanks, I have solved my problem. I come from Taiwan. May I make friends with you? My MSN: jeaonson@hotmail.com Run HijackThis again, tick these entries, then tick fix checked. Do you know what this does? C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe I know it's a plugin, but what does it do? Uninstall this, it may contain adware O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" Safe O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe Not too sure what this does O4 - HKLM\..\Run: [MSNDreyePlugin] C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h Safe O4 - HKLM\..\Run: [RemoteControl] ; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 6\MMReminderService.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" May install adware O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart If you want to use this, install MSN Messenger instead. O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [FreeRAM XP] ; "C:\DOCUME~1\林靜怡\LOCALS~1\Temp\Rar$EX00.094\FreeRAM XP Pro 1.40.exe" -win O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing) O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - www.mybank.com.tw/myatm/cab/CathayMyATM.CAB
O16 - DPF: {2B38E40E-977D-4767-919C-2AA29C041618} (BOT Class) - ebank.bot.com.tw/FCard/NetATM/FCardS.CAB O16 - DPF: {5633A16D-D67C-11D4-8B44-0000E88F2063} (ImportExport Class) - etrade.tachan.com.tw/tachan/CA/MSSTOCK.CAB O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB O16 - DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} (CTCBWebATM Control) - family.chinatrust.com.tw/Web...CTCBWebATM.cab O16 - DPF: {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} (SendOrder Class) - ekey.bisc.com.tw/cab/axekey.cab O16 - DPF: {8F566902-147A-450F-A492-357155B73836} (DirObj Class) - ekey.bisc.com.tw/cab/getdir.cab O16 - DPF: {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} (TRUSTATMPOST Control) - webatm.post.gov.tw/postatm/TRUSTATMPOST5.cab O16 - DPF: {CEB9866E-C394-4230-82CB-407E7DCED7C7} (Helper Class) - www.moneydj.com/e/newage/DJSysProbe.cab O16 - DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} (TCB EATM Object) - eatm.tcb-bank.com.tw/EATM.cab Is this a Chinese / some other version of Windows? Reboot then see if things are ok. Umm do you log onto a bank? mybank.com.tw?? |
jeaonson (12483) | ||
| 564646 | 2007-08-25 15:08:00 | Hello Speedy. My Mozilla crashes with ndll.dll. Please help me! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:30:34 PM, on 8/25/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{956EE344-E16A-4F0E-B0DD-3C3E60C67215}: NameServer = 86.127.210.178 86.127.210.178
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 4118 bytes |
volfied (12485) | ||
| 564647 | 2007-08-25 18:25:00 | Log looks OK to me, Volfied. Run HijackThis again, tick these entries, then tick fix checked. Close browser/s. These are safe but don't have to run on startup O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k If you don't use Nero Home tick this entry. If you do, don't tick this entry. O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe What version of Mozilla / Firefox / Thunderbird is installed? Try uninstalling it / deleting its folders, and reinstalling it. |
Speedy Gonzales (78) | ||
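The manual review done in the replies above (picking out `(file missing)` buttons, an autorun started from a Temp folder, and O16 downloaded controls) can be scripted as a first pass. This is an added example, not part of any post in the thread: the sample log is constructed in the shape of the logs above, and the function names and flagging rules are assumptions that produce prompts for a human reviewer, not verdicts.

```python
import re

# Constructed sample, shaped like the HijackThis entries posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.094\FreeRAM XP Pro 1.40.exe" -win
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://www.example.com/example.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53
O23 - Service: Example Helper (ExHelp) - Unknown owner - C:\Program Files\Example\helper.exe
"""

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ", then the entry body.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse(log):
    """Return (code, body) per entry line; headers and process paths are skipped."""
    lines = map(str.strip, log.splitlines())
    return [m.groups() for m in map(ENTRY.match, lines) if m]

def review_notes(code, body):
    """Heuristic prompts for a human reviewer (assumed rules, not verdicts)."""
    low, notes = body.lower(), []
    if low.endswith("(file missing)"):
        notes.append("target file missing: orphaned entry")
    if code == "O4" and "\\temp\\" in low:
        notes.append("autorun launched from a Temp folder")
    if code == "O16":
        notes.append("downloaded ActiveX control: is the source a site you use?")
    if code == "O17":
        notes.append("DNS setting: does the NameServer match your ISP or router?")
    if code == "O23" and " - unknown owner - " in low:
        notes.append("service with no vendor string: verify the file")
    return notes

def triage(log):
    """Return (code, body, notes) for every entry that earned at least one note."""
    return [(c, b, n) for c, b in parse(log) if (n := review_notes(c, b))]

if __name__ == "__main__":
    for code, body, notes in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> " + "; ".join(notes))
```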