
FREEZE FRAME



#1
AL-FIRDAUS

Hello. I have a problem. They are referred to as Dr Watson Post Mortem, AND devldr32.exe. At present, I am able to beat back both by bringing up 'task manager' and disabling both before my system fully boots up. You are the experts. I am not. I'd like your assistance in their eventual removal. Below is my HijackThis log. If I try this without your help I'm liable to destroy my system. Please allow me to thank you in advance. And then later. Oh yes, I am patient. I myself may not check back for days. :whistling:


Logfile of HijackThis v1.99.1
Scan saved at 4:59:05 AM, on 11/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\Program Files\D4\D4.exe
F:\Program Files\Raxco\PerfectDisk\PDAgent.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
F:\Program Files\D4\D4.exe
F:\Program Files\Iomega\AutoDisk\ADUserMon.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\WINDOWS\system32\taskmgr.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\system32\rmctrl.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\RFA\rfagent.exe
F:\Program Files\Creative\ShareDLL\MediaDet.Exe
F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\fs30.exe
F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
F:\Program Files\Camtech\SpySites-Plus\SpySitesP.exe
F:\Program Files\Logitech\MouseWare\system\em_exec.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\3B Software\Windows Clean-Up Pro\Windows Clean-Up Pro.uzy
F:\WINDOWS\System32\svchost.exe
F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
F:\Program Files\TGTSoft\StyleXP\StyleXP.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
F:\Program Files\A4Proxy\A4Proxy.exe
F:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\MailWasher Pro\MailWasher.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\sgmain.exe
F:\Program Files\Robomagic\WetSock\wetsock.exe
F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\sgbhp.exe
F:\WINDOWS\explorer.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\DOCUME~1\ADMINI~1.AL-\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://islamworld.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NONE HAS THE RIGHT TO BE WORSHIPPED BUT ALLAH!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\DOWNLO~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar3.dll
O3 - Toolbar: StealthSurf X-treme Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Disc Detector] F:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] F:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] F:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [SalatTimes] "F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\Sala28\Salat.exe" /t 0
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Dimension4] F:\Program Files\D4\D4.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ADUserMon] F:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] F:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [Windows Clean-Up Pro] F:\Program Files\3B Software\Windows Clean-Up Pro\Windows Clean-Up Pro.Exe
O4 - HKLM\..\Run: [rfagent] "F:\Program Files\DOWNLOADED INSTALLATIONS\RFA\rfagent.exe"
O4 - HKLM\..\Run: [freesurfer] F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\fs30.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySites Plus] F:\Program Files\Camtech\SpySites-Plus\SpySitesP.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\DOWNLOADED INSTALLATIONS\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] F:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [STYLEXP] F:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: A4Proxy.lnk = F:\Program Files\A4Proxy\A4Proxy.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = F:\Program Files\ScanSoft\NaturallySpeaking\Program\natspeak.exe
O4 - Startup: MailWasherPro.lnk = F:\Program Files\DOWNLOADED INSTALLATIONS\MailWasher Pro\MailWasher.exe
O4 - Startup: restart_vs.lnk = E:\Viewsonic.exe
O4 - Startup: SpywareGuard.lnk = F:\Program Files\DOWNLOADED INSTALLATIONS\SpywareGuard\sgmain.exe
O4 - Startup: WetSock.lnk = F:\Program Files\Robomagic\WetSock\wetsock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &NeoTrace It! - F:\DOCUME~1\ADMINI~1\DOWNLO~1\SECURI~1\VISUAL~1\NTXcontext.htm
O8 - Extra context menu item: Get siteinfo data (fsc) - F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\fslauncher.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\FS30.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - F:\Documents and Settings\Administrator\DOWNLOADED INSTALLATIONS\SECURITY INSTALLMENTS\EMS Free Surfer Companion\FS30.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - F:\DOCUME~1\ADMINI~1\DOWNLO~1\SECURI~1\VISUAL~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .pdf: F:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O15 - Trusted Zone: http://www.broadbandreports.com
O15 - Trusted Zone: http://*.capitalone.com
O15 - Trusted Zone: http://www.cognitivedistortion.com
O15 - Trusted Zone: http://*.debian.com
O15 - Trusted Zone: http://members.digitalblasphemy.com
O15 - Trusted Zone: http://www.digitalblasphemy.com
O15 - Trusted Zone: http://download.lava...e.edgesuite.net
O15 - Trusted Zone: http://listen.hos.com
O15 - Trusted Zone: http://www.hos.com
O15 - Trusted Zone: http://*.islamworld.net
O15 - Trusted Zone: http://www.jihadunspun.com
O15 - Trusted Zone: http://iraqwar.mirror-world.ru
O15 - Trusted Zone: http://www.themejunkie.com
O15 - Trusted Zone: http://www.ummah.net
O15 - Trusted Zone: http://www.uruknet.info
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121551354030
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} (Java Plug-in) -
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - F:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Dimension4 - Thinking Man Software - F:\Program Files\D4\D4.exe
O23 - Service: Iomega Activity Disk2 - Unknown owner - F:\WINDOWS\
O23 - Service: Iomega App Services - Iomega Corporation - F:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PDAgent - Raxco Software, Inc. - F:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - F:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: StyleXPService - Unknown owner - F:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - F:\Program Files\Iomega\AutoDisk\ADService.exe