Please could someone help?


23 replies to this topic

#16 Jintan
Advanced Member, Visiting Fellow, 791 posts
Posted 05 October 2007 - 05:01 PM

Nothing except the outdated Java, although you didn't let the scan complete (it notifies you when it is through). I again checked back through the logs and might mention this:

O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL


This is Read and Write Gold, which, although not suspect, I realize sells for $645 USD, so of course is not often seen in logs. How long have you had this software installed related to these current issues?

Why not update Java now and see if it in some way aids this situation (newer software and older Java there). Go to Add/Remove Programs in Control Panel and uninstall all versions of Java/JRE (Sun Java Runtime Environment/J2SE Runtime Environment) and reboot. When you have done that, go here and download and install the latest version of Sun Java (Java Runtime Environment (JRE) 6 Update 2). The current file name for that is jre-6u2-windows-i586-p.exe, though it may have just updated to a 6u3 by the looks of a log I just received.

Then reboot, and run/post back a complete Silent Runners log.


#17 e-bore
Authentic Member, 35 posts
Posted 09 October 2007 - 04:05 AM

How do Jintan,

I've installed Java 3 as instructed.

The Read & Write Gold is dyslexia support software. I was given this laptop because I'm dyslexic, and all the software relating to that (such as R&W) was installed with Windows before I got it; FF2 was installed later by me.

As for the previous log, I did wait for the notification; maybe summat else went awry? (I did think it looked a bit short; but I did the full length one this time)

Here's the latest Silent Runners log for your perusal:
"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS]
"PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS]
"PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS]
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"High Definition Audio Property Page Shortcut" = "HDAShCut.exe" ["Windows (R) Server 2003 DDK provider"]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet" ["NVIDIA Corporation"]
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"AzMixerSel" = "C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" ["Realtek Semiconductor Corp."]
"PCMService" = ""c:\Apps\Powercinema\PCMService.exe"" ["CyberLink Corp."]
"EEventManager" = "C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" ["SEIKO EPSON CORPORATION"]
"CaISSDT" = ""C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"" ["Computer Associates International, Inc."]
"eTrustPPAP" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"" ["Computer Associates"]
"QOELOADER" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"" ["Computer Associates, Inc."]
"CaAvTray" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"" ["Computer Associates International, Inc."]
"CAVRID" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"" ["Computer Associates International, Inc."]
"Zone Labs Client" = ""C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"" ["Computer Associates"]
"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
"DSLSTATEXE" = "C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe icon" ["GlobespanVirata, Inc."]
"DSLAGENTEXE" = "C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot" ["RealNetworks, Inc."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
										\StubPath   = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{060235DC-6D84-47BD-95D7-A4EF5099A59D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "txthlpBHO Class"
				   \InProcServer32\(Default) = "C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL" [empty string]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Helper"
				   \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
				   \InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll" ["Google Inc."]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar Helper"
				   \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
				   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
  -> {HKLM...CLSID} = "RecordNow! SendToExt"
				   \InProcServer32\(Default) = "C:\Apps\RecordNow\shlext.dll" [null data]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
				   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{1CE2AA40-1317-11D3-9922-00104B0AD431}" = "CA_AntiVirus"
  -> {HKLM...CLSID} = "CA_AntiVirus"
				   \InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" = "OpenOffice Property Sheet Handler"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\OpenOffice.org1.1.5\program\shlxthdl.dll" ["Sun Microsystems, Inc."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "My Sharing Folders"
				   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS]
"{6B19FEC2-A45B-11CF-9045-00A0C9039735}" = "Registered ActiveX Controls"
  -> {HKLM...CLSID} = "Registered ActiveX Controls"
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{D545EBD1-BD92-11CF-8772-00A0C9039735}" = "Developer Studio Components"
  -> {HKLM...CLSID} = "Developer Studio Components"
				   \InProcServer32\(Default) = "C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\DEVXPGL.DLL" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
  -> {HKLM...CLSID} = "RealOne Player Context Menu Class"
				   \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
				   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
  -> {HKLM...CLSID} = "PDF Shell Extension"
				   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
  -> {HKLM...CLSID} = "CA_AntiVirus"
				   \InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
				   \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
CA_AntiVirus\(Default) = "{1CE2AA40-1317-11D3-9922-00104B0AD431}"
  -> {HKLM...CLSID} = "CA_AntiVirus"
				   \InProcServer32\(Default) = "C:\WINDOWS\avshlext.dll" ["Computer Associates International, Inc."]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
  -> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
				   \InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoBandCustomize" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Internet Explorer|Toolbars|
Disable customizing browser toolbars}

"NoMovingBands" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoCloseDragDropBands" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSetTaskbar" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Start Menu and Taskbar|
Prevent changes to Taskbar and Start Menu Settings}

"NoToolbarsOnTaskbar" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

"NoSaveSettings" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|
Don't save settings at exit}

"NoActiveDesktop" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Desktop|Desktop / Active Desktop|
Disable Active Desktop}

"ClassicShell" = (REG_DWORD) hex:0x00000000
{User Configuration|Administrative Templates|Windows Components|Windows Explorer|
Enable Classic Shell / Turn on Classic Shell}

"NoNetHood" = (REG_DWORD) hex:0x00000000
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState


Startup items in "Jac" & "All Users" startup folders:
-----------------------------------------------------

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Continue Setup" -> shortcut to: "D:\Installers\setup.exe" [file not found]
"Device Detector 2" -> shortcut to: "C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe" ["OLYMPUS Corporation."]


Enabled Scheduled Tasks:
------------------------

"Check Updates for Windows Live Toolbar" -> launches: "C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE" [MS]
"HPpromotions journeysoftware" -> launches: "C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe /N "journeysoftware" -r" ["hp"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
C:\WINDOWS\system32\VetRedir.dll ["Computer Associates International, Inc."], 01 - 03, 09
%SystemRoot%\system32\mswsock.dll [MS], 04 - 06, 10 - 25
%SystemRoot%\system32\rsvpsp.dll [MS], 07 - 08


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
				   \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
  -> {HKLM...CLSID} = "Windows Live Toolbar"
				   \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
  -> {HKLM...CLSID} = "&Google"
				   \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}"
  -> {HKLM...CLSID} = "Windows Live Toolbar"
				   \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
  -> {HKLM...CLSID} = "&Google"
				   \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = (no title provided)
  -> {HKLM...CLSID} = "Windows Live Toolbar"
				   \InProcServer32\(Default) = "C:\Program Files\Windows Live Toolbar\msntb.dll" [MS]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Real.com"
				   \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
				   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Research"

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
"ButtonText" = "Real.com"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

CAISafe, CAISafe, "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe" ["Computer Associates International, Inc."]
CyberLink Background Capture Service (CBCS), CLCapSvc, ""c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe"" [empty string]
CyberLink Media Library Service, CyberLink Media Library Service, ""C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe"" ["Cyberlink"]
CyberLink Task Scheduler (CTS), CLSched, ""c:\APPS\Powercinema\Kernel\TV\CLSched.exe"" [empty string]
DM1Service, DM1Service, "C:\Program Files\Olympus\DeviceDetector\DM1Service.exe" ["OLYMPUS Corporation"]
Generic Service for HID Keyboard Input Collections, GenericHidService, "c:\APPS\HIDSERVICE\HIDSERVICE.exe" [null data]
Machine Debug Manager, MDM, ""C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]
SmartLinkService, SLService, "slserv.exe" [" "]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
VET Message Service, VETMSGNT, "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe" ["Computer Associates International, Inc."]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
PCL Language Monitor\Driver = "hpz3l3xu.dll" ["Hewlett-Packard Company"]


---------- (launch time: 2007-10-08 11:44:27)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
  launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
  took 140 seconds.
---------- (total run time: 190 seconds)

Thanks for your continued help BTW,

JACK
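As an added example (not part of this thread, and not code from Silent Runners itself), here is a small Python triage parser for the Silent Runners log format posted above. It walks the Run keys, BHO, shell-extension and protocol-filter blocks and shortlists entries whose file tag is [file not found], [null data] or [empty string], or which the script itself marked <<!>>; that shortlist is what a helper would check by hand first in a long log. The sample input is excerpted verbatim from the log above.

```python
import re
from typing import Dict, List

# Sample input: lines excerpted from the Silent Runners (revision 52) log
# posted above, trimmed to a few blocks so each parser branch is exercised.
SAMPLE_LOG = r'''
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"DSLAGENTEXE" = "C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{060235DC-6D84-47BD-95D7-A4EF5099A59D}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "txthlpBHO Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL" [empty string]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
  -> {HKLM...CLSID} = "Display Panning CPL Extension"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]
'''

# Tags Silent Runners appends when it cannot read a file's version info or
# cannot find the file at all. Not proof of anything, but worth a manual look.
REVIEW_TAGS = {"file not found", "null data", "empty string"}
SUSPICIOUS_MARK = "<<!>>"   # the script's own "suspicious data" marker

KEY_RE = re.compile(r"^(HK[A-Z]+\\.*\\)(?:\s*\{\+\+\})?$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<command>.*?)\s*\[(?P<tag>[^\]]*)\]$')
HEAD_RE = re.compile(r'^"?(?P<ident>\{[0-9A-Fa-f-]{36}\}|[\w/]+)"?(?:\\\(Default\)|\\CLSID)?\s*=')
TITLE_RE = re.compile(r"^->\s*\{HK[A-Z]+\.\.\.CLSID\}\s*=\s*(?P<title>.*)$")
INPROC_RE = re.compile(r'^\\InProcServer32\\\(Default\)\s*=\s*"(?P<path>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')

Entry = Dict[str, object]


def _unquote(s: str) -> str:
    """Strip exactly one pair of surrounding double quotes, if present."""
    return s[1:-1] if len(s) >= 2 and s[0] == s[-1] == '"' else s


def _entry(key: str, name, title, command: str, tag: str, marked: bool) -> Entry:
    tag = _unquote(tag)
    flags: List[str] = []
    if marked:
        flags.append("marked " + SUSPICIOUS_MARK)
    if tag in REVIEW_TAGS:
        flags.append(tag)
    return {"key": key, "name": name, "title": title,
            "command": command, "tag": tag, "flags": flags}


def parse_silent_runners(text: str) -> List[Entry]:
    """Return one entry per launch point: Run values and CLSID-based objects."""
    entries: List[Entry] = []
    key = ""
    pending: Dict[str, object] = {}   # CLSID head seen, InProcServer32 line still to come
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        marked = line.startswith(SUSPICIOUS_MARK)
        if marked:
            line = line[len(SUSPICIOUS_MARK):].strip()
        if m := KEY_RE.match(line):                 # registry key header
            key, pending = m.group(1), {}
        elif m := VALUE_RE.match(line):             # "name" = "command" [tag]
            entries.append(_entry(key, m["name"], "", _unquote(m["command"]), m["tag"], marked))
        elif (m := TITLE_RE.match(line)) and pending:   # -> {HKLM...CLSID} = "title"
            pending["title"] = _unquote(m["title"])
        elif (m := INPROC_RE.match(line)) and pending:  # \InProcServer32\(Default) = "dll" [tag]
            entries.append(_entry(key, pending["ident"], pending.get("title", ""),
                                  m["path"], m["tag"], bool(pending["marked"])))
            pending = {}
        elif m := HEAD_RE.match(line):              # {CLSID}\(Default) = ... or "{CLSID}" = ...
            pending = {"ident": m["ident"], "marked": marked}
    return entries


def entries_for_review(entries: List[Entry]) -> List[Entry]:
    """Keep only launch points with a review tag or the <<!>> marker."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for e in entries_for_review(parse_silent_runners(SAMPLE_LOG)):
        print(f'{e["name"]:42} {e["command"]}  <- {", ".join(e["flags"])}')
```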

#18 Jintan
Advanced Member, Visiting Fellow, 791 posts
Posted 09 October 2007 - 10:18 AM

That's good that software is available, and was made available to you to assist with dyslexia. If you check through other threads in these forums you might notice an overabundance of fairly high cost software like Adobe's Acrobat package on very infected systems - all too often indications of software swiping and the bad results of that. Nothing of note in that full Silent Runners log, so for you it remains an issue of tweaking to get a solution. Again, too often we see firewalls involved in what you describe, but if you checked that I am not sure I might have any other ideas.

#19 e-bore
Authentic Member, 35 posts
Posted 10 October 2007 - 04:49 AM

Hmmmmm... I'm a bit surprised at that. It's really slowing me down massively; it's not good timing either. There's no pirate software on this computer, nor has there ever been - I would lose all warranties for a start, never mind any other issues. I wonder, would a hardware firewall - a router box - be a better investment than all these myriad software packages?

#20 Jintan
Advanced Member, Visiting Fellow, 791 posts
Posted 10 October 2007 - 09:06 AM

The recommendation is both hardware and software firewalls, though I have seen the usual debates on this.

As you seem to still sense these issues are infection related we will add one additional scan here - no indications from this, best to seek out a software conflict solution at the WTT Windows forum.

Download ComboFix.exe from here to your desktop, and click the downloaded file to run the repair.

When the command window opens, select 1 (and Enter). Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

#21 e-bore
Authentic Member, 35 posts
Posted 12 October 2007 - 02:46 AM

Hello again,

Well, the system is still slow in terms of using browsers; the browsers unstable ("not responding" messages aplenty); the mouse button hypersensitive - maybe why I get multiple tabs when I only click for one; the whole of Windows seems subtly affected; I still get that FF "-12263"; selecting and copying text is affected across the board: it's hard to select, and Ctrl+C doesn't work - even in MS Word I think; typing text here and in the address bar, search engine etc. seizes up.
In short, the whole system isn't quite working properly.

I'm not saying that there's necessarily a major virus infection: it may just be some less odious adware that's malfunctioning - some previous advice that seemed plausible was that it was a malfunction connected with the installation of Firefox.

There aren't many things it could be, but I suspect that it's Firefox related - I feel that the changes may have been triggered by an FF update.

The only other possibilities are: TV Ants; Sportsbar; SOP TV <- I installed these to try them out, then uninstalled them; I also signed up for a legitimate Scottish Football Association web tv site as well - I dunno whether these sorts of things could create conflicts or other problems.

Anyway, here's the ComboFix log:
ComboFix 07-10-12.1 - Jac 2007-10-11 21:17:46.1 - NTFSx86 
Microsoft Windows XP Professional  5.1.2600.2.932.81.1033.18.548 [GMT 1:00]
Running from: C:\Documents and Settings\Jac\My Documents\My Downloads\Fix PC\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((   Files Created from 2007-09-12 to 2007-10-12  )))))))))))))))))))))))))))))))
.

2007-10-11 21:15	51,200	--a------	C:\WINDOWS\NirCmd.exe
2007-10-10 11:11	582,656	---------	C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-09-12 21:09	<DIR>	d--------	C:\Program Files\SopCast

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-09 10:51	---------	d-----w	C:\Program Files\OpenOffice.org1.1.5
2007-10-08 10:43	---------	d-----w	C:\Program Files\Java
2007-10-03 13:37	---------	d-----w	C:\Program Files\KeyScrambler
2007-09-21 17:05	---------	d-----w	C:\Program Files\Paint.NET
2007-09-03 22:40	---------	d-----w	C:\Documents and Settings\All Users\Application Data\TEMP
2007-08-28 14:33	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Driving Test Success
2007-08-21 06:15	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15	683,520	------w	C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04	824,832	----a-w	C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04	671,232	----a-w	C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04	63,488	------w	C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04	6,058,496	------w	C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04	52,224	------w	C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04	477,696	----a-w	C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04	459,264	------w	C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04	44,544	------w	C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04	384,512	------w	C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04	383,488	------w	C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04	3,584,512	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04	27,648	----a-w	C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04	267,776	------w	C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04	232,960	------w	C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04	230,400	------w	C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04	214,528	----a-w	C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04	193,024	----a-w	C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04	153,088	------w	C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04	132,608	----a-w	C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04	124,928	------w	C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04	105,984	------w	C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04	102,400	------w	C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04	1,152,000	----a-w	C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21	625,152	------w	C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20	63,488	------w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34	161,792	------w	C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-16 22:20	---------	d-----w	C:\Program Files\MSXML 6.0
2007-07-30 18:19	92,504	----a-w	C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19	549,720	----a-w	C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19	53,080	----a-w	C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19	43,352	----a-w	C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19	325,976	----a-w	C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19	271,224	----a-w	C:\WINDOWS\system32\mucltui.dll
2007-07-30 18:19	207,736	----a-w	C:\WINDOWS\system32\muweb.dll
2007-07-30 18:19	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19	203,096	----a-w	C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19	1,712,984	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19	1,712,984	----a-w	C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-07-30 18:18	33,624	----a-w	C:\WINDOWS\system32\dllcache\wups.dll
2007-07-12 23:31	765,952	----a-w	C:\WINDOWS\system32\dllcache\vgx.dll
2006-10-18 20:41	0	----a-w	C:\Documents and Settings\Jac\Application Data\wklnhst.dat
2005-05-11 22:36	12,288	----a-w	C:\WINDOWS\Fonts\RandFont.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 15:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 15:00]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-03-10 19:44]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-03-10 19:43]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-05-18 23:02]
"nwiz"="nwiz.exe" [2005-05-18 23:02 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-05-04 18:28 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-26 11:08]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-03-17 10:30]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2005-12-01 10:54]
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe" [2006-10-04 15:49]
"QOELOADER"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe" [2006-10-04 15:49]
"CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [2006-10-04 15:50]
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [2006-10-04 15:50]
"Zone Labs Client"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe" [2005-08-03 07:42]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"DSLSTATEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslstat.exe" [2004-05-27 12:07]
"DSLAGENTEXE"="C:\Program Files\Voyager 105 ADSL Modem\dslagent.exe" [2004-05-27 12:07]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-17 18:15]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-06 17:20]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=C:\WINDOWS\pss\Monitor Apache Servers.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jac^Start Menu^Programs^Startup^OpenOffice.org 1.1.5.lnk]
path=C:\Documents and Settings\Jac\Start Menu\Programs\Startup\OpenOffice.org 1.1.5.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 1.1.5.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSWin LaoKey]
C:\Program Files\LSWin\LaoKey.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mxssvr"=2 (0x2)
"iPod Service"=3 (0x3)
"AOL ACS"=2 (0x2)
"wampmysqld"=3 (0x3)
"wampapache"=3 (0x3)
"niSvcLoc"=2 (0x2)
"nipxirmu"=2 (0x2)
"NIDomainService"=2 (0x2)
"MySQL"=2 (0x2)
"lkTimeSync"=2 (0x2)
"lkClassAds"=2 (0x2)
"LkCitadelServer"=2 (0x2)
"Apache2.2"=2 (0x2)

R1 mfetdik;McAfee Inc.;C:\WINDOWS\system32\drivers\mfetdik.sys
R2 XilinxPC4Driver;XilinxPC4Driver;C:\WINDOWS\system32\drivers\XPC4DRVR.SYS
R3 CIR;Hid Device;C:\WINDOWS\system32\DRIVERS\CIR.sys
R3 kbd;Keyboard;C:\WINDOWS\system32\DRIVERS\kbd.sys
R3 Slazldrv;SmartLink AMR_PCI Driver;C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys
R3 wanusb;BT Voyager 105 ADSL Modem;C:\WINDOWS\system32\DRIVERS\gwausb.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S4 wampapache;wampapache;"c:\wamp\apache2\bin\Apache.exe" -k runservice
S4 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-10-11 19:48:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-11 19:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-12 21:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully 
hidden files: 0 

**************************************************************************
.
Completion time: 2007-10-12 21:23:39
.
	--- E O F ---

Any thoughts?

cheers,

Jack

#22 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 13 October 2007 - 12:20 PM

Nothing of infection in any of this still. Looks like you had/have some sort of National Instruments server setup here, but beyond just typing those words I would not be familiar with any of that or its uses. And a Laotian language startup here disabled through msconfig. If it was installed at the time you recently made changes I sense that KeyScrambler software may have caused install corruption. Really need to be seeking the advice of others at the WTT Windows forums on these issues e-bore. Here the responses are limited to my malware-related input (which doesn't appear to be a factor in this) and guesswork.

#23 e-bore

    Authentic Member

  • 35 posts

Posted 14 October 2007 - 03:55 AM

Alright, well thanks for all your help. Yes I did install a National Instruments thing so I could plug the laptop into an oscilloscope via serial, and have uninstalled most of it - I wouldn't miss it really. The Lao thing was a problem, but that was installed ages ago; I contacted the software writer to get help uninstalling it, which he seemed to give; I thought I'd cleared that out of the system. It shouldn't be on there: we only use MS additional languages on the language bar. I'll take this to the Windows forum then. Thanks again.

#24 Jintan

    Advanced Member

  • Visiting Fellow
  • 791 posts

Posted 14 October 2007 - 09:08 PM

Let's see what the folks in that forum come up with in all this. For that language tool remnant you can remove it by doing the following, then reboot after to complete the change.

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSWin LaoKey]

Open Notepad and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it laofix.reg. Where it says "Files of Type", select All Files and click on Save. Exit Notepad, double-click on the file and OK the prompt asking if you wish to merge the file with your registry. You can delete laofix.reg after.

Edited by Jintan, 14 October 2007 - 09:09 PM.
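Regedit merges a .reg file without showing what it will change, and the leading minus in a `[-HKEY...]` header (as in the laofix.reg above) deletes that whole key, subkeys included. The script below is an added example, not part of this thread or of any tool mentioned in it: it parses REGEDIT4 / "Windows Registry Editor Version 5.00" syntax offline and lists every key deletion, value deletion and value write the file would perform, so a fix like the one posted can be reviewed before it is merged. `LAOFIX_REG` is the text from the post; `SAMPLE_REG` is a constructed file that exercises the other directive types.

```python
"""Pre-merge review of a Windows .reg file (added example, not from the thread).

Directives understood:
  [HKEY...]        select a key (created on merge if absent)
  [-HKEY...]       delete the key and all of its subkeys
  "name"=data      write a value under the selected key
  @=data           write the key's default value
  "name"=-         delete one value
Hex data split over several lines with a trailing backslash is rejoined.
"""
import re

REG_HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')
VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

# Text from the post above (the fix for the disabled msconfig startup entry).
LAOFIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSWin LaoKey]
"""

# Constructed sample covering value writes and a single-value deletion.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
; constructed sample, not from the thread
[HKEY_CURRENT_USER\Software\Example\Run]
"Updater"="C:\\Program Files\\Example\\upd.exe"
"OldEntry"=-
@=dword:00000001
"""


def parse_reg(text):
    """Return (action, key, value_name, data) tuples describing the merge.

    action is 'delete_key', 'set_value' or 'delete_value'.  A ValueError is
    raised for a missing header or any line that is not a .reg directive, so
    a malformed file is never silently summarised as harmless.
    """
    lines = text.splitlines()
    if not lines or lines[0].strip() not in REG_HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / Version 5.00 header")

    # Rejoin continuation lines (trailing backslash) used for long hex values.
    joined = []
    for raw in lines[1:]:
        stripped = raw.strip()
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + stripped
        else:
            joined.append(stripped)

    actions = []
    current_key = None
    for ln in joined:
        if not ln or ln.startswith(";"):
            continue
        m = KEY_RE.match(ln)
        if m:
            minus, key = m.groups()
            if minus:
                actions.append(("delete_key", key, None, None))
                current_key = None  # values cannot follow a key deletion
            else:
                current_key = key
            continue
        m = VALUE_RE.match(ln)
        if m and current_key is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            data = m.group(2).strip()
            if data == "-":
                actions.append(("delete_value", current_key, name, None))
            else:
                actions.append(("set_value", current_key, name, data))
            continue
        raise ValueError(f"unparsable .reg line: {ln!r}")
    return actions


def deleted_keys(text):
    """Keys that merging the file would remove outright."""
    return [key for action, key, _, _ in parse_reg(text) if action == "delete_key"]


if __name__ == "__main__":
    for label, reg in (("laofix.reg", LAOFIX_REG), ("sample", SAMPLE_REG)):
        print(f"== {label}")
        for action, key, name, data in parse_reg(reg):
            print(f"  {action:12} {key}" + (f"  {name} = {data}" if name else ""))
```

Run it with no arguments to print the summary for both embedded files; to review a real file, read it with `open(path, encoding="utf-16")` (Version 5.00 files exported by regedit are UTF-16) or `"mbcs"` for a REGEDIT4 file saved from Notepad and pass the text to `parse_reg`. The useful habit is in `deleted_keys`: a fix that only removes one `startupreg` entry should produce exactly one key under `msconfig\startupreg`, and anything touching `CurrentVersion\Run`, service keys or policy keys deserves a second look before merging.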
