|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
|
Topic Tools |
#1
|
|||
|
|||
ESAdvRemIntegrator stopped working (Moved by Murf from Vista)
How do I get rid of this annoying message?? Can anyone help??
Description: Stopped working Problem signature: Problem Event Name: APPCRASH Application Name: RemEngine.exe Application Version: 1.0.0.0 Application Timestamp: 460444a3 Fault Module Name: KERNEL32.dll Fault Module Version: 6.0.6000.16386 Fault Module Timestamp: 4549bd80 Exception Code: e0434f4d Exception Offset: 0001b09e OS Version: 6.0.6000.2.0.0.768.3 Locale ID: 1033 Read our privacy statement: http://go.microsoft.com/fwlink/?link...3&clcid=0x0409 |
#2
|
||||
|
||||
Welcome toi CTH
Do you have a HP? I believe that RemEngine.exe is a file installed by the software of a Hewlett Packard extended service plan. Did you purchase one of these when you purchased your computer? If not could be a Trojan Let's see what is running on your PC. Go here and download Hijack This to your Desktop. When you have downloaded it, doubleclick to install. Once installed, open Hijack This and click on scan. Most of the files listed will be harmless and/or required so do not make any changes, just click on Save Log, copy it and post it back in this thread. Also go here and download Silent Runners.vbs (clicking the the download link works if you use IE. If you use FireFox, rightclick on the link and choose "Save Link As") to a new folder on your drive and run it. It generates a log too. It takes a minute or two and it will notify you with a popup when your log is ready (it will be in the new folder you created). Please post the information back in this thread. If your antivirus program queries the script, allow it to run. It's not malicious. We do not read logs in this forum, but once posted I will have one of our Cyber Safety Guru's look at it, then we can move this thread over to Cyber Safety forum if necessary. |
#3
|
|||
|
|||
Log from Trend Secure
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:39:45 PM, on 1/21/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16575) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe C:\Program Files\Hp\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Common Files\AOL\1193180740\ee\aolsoftware.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe C:\Program Files\Southwest Airlines\Ding\Ding.exe C:\Windows\System32\rundll32.exe C:\Program Files\Webshots\Webshots.scr C:\Program Files\Common Files\AOL\Loader\aolload.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...lion&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start O4 - HKLM\..\Run: [HP Health Check Scheduler] "C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" O4 - HKLM\..\Run: [hpWirelessAssistant] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" O4 - HKLM\..\Run: [WAWifiMessage] "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] "C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SynTPStart] "C:\Program Files\Synaptics\SynTP\SynTPStart.exe" O4 - HKLM\..\Run: [CanonSolutionMenu] "C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon O4 - HKLM\..\Run: [CanonMyPrinter] "C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1193180740\ee\AOLSoftware.exe" O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe" O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Event Planner Reminder.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll O13 - Gopher Prefix: O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://games.pogo.com/online2/pogo/a...ploader_v6.cab O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10735 bytes |
#4
|
|||
|
|||
Silent Runners Log
"Silent Runners.vbs", revision 55, http://www.silentrunners.org/
Operating System: Windows Vista Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run \ {++} "Sidebar" = ""C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun" [MS] "Aim6" = (empty string) [file not found] "swg" = ""C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\G oogleToolbarNotifier.exe"" ["Google Inc."] "WMPNSCFG" = ""C:\Program Files\Windows Media Player\WMPNSCFG.exe"" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run \ {++} "Windows Defender" = ""C:\Program Files\Windows Defender\MSASCui.exe" -hide" [MS] "SynTPEnh" = ""C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"" ["Synaptics, Inc."] "HP Software Update" = ""C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"" ["Hewlett-Packard Co."] "QPService" = ""C:\Program Files\HP\QuickPlay\QPService.exe"" ["CyberLink Corp."] "QlbCtrl" = ""C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start" [" Hewlett-Packard Development Company, L.P."] "HP Health Check Scheduler" = ""C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe"" [null data] "hpWirelessAssistant" = ""C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"" ["Hewlett-Packard Development Company, L.P."] "WAWifiMessage" = ""C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe"" ["Hewlett-Packard Development Company, L.P."] "Trend Micro AntiVirus 2007" = ""C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe" -1 --delay 15" ["Trend Micro Inc."] "TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "Adobe Reader Speed Launcher" = ""C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"" ["Adobe Systems Incorporated"] "SynTPStart" = ""C:\Program Files\Synaptics\SynTP\SynTPStart.exe"" ["Synaptics, Inc."] "CanonSolutionMenu" = ""C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe" /logon" ["CANON INC."] "CanonMyPrinter" = ""C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" /logon" ["CANON INC."] "SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Nuance Communications, Inc."] "OpwareSE4" = ""C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"" ["Nuance Communications, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "HostManager" = ""C:\Program Files\Common Files\AOL\1193180740\ee\AOLSoftware.exe"" ["AOL LLC"] "NvSvc" = ""RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart" [MS] "NvCplDaemon" = ""RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup" [MS] "NvMediaCenter" = ""RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit" [MS] "hpqSRMon" = ""C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe"" ["Hewlett-Packard"] "QuickTime Task" = ""C:\Program Files\QuickTime\QTTask.exe" -atboottime" ["Apple Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Inc."] "SpySweeper" = "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray" ["Webroot Software, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Once\ {++} "Launcher" = "C:\Windows\SMINST\launcher.exe" HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects\ {02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar Helper" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\ "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"] "{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."] "{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "ShellViewRTF" -> {HKLM...CLSID} = "ShellViewRTF" \InProcServer32\(Default) = "C:\Windows\System32\ShellvRTF.dll" ["XSS"] "{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}" = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" -> {HKLM...CLSID} = "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS] "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler" -> {HKLM...CLSID} = "Microsoft Office Metadata Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.d ll" [MS] "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler" -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.d ll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" = "Webroot Spy Sweeper Context Menu Integration" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\Windows\system32\nvcpl.dll" ["NVIDIA Corporation"] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Inc."] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}" -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter" \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.D LL" [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandler s\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHa ndlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex \ContextMenuHandlers\ SpySweeper\(Default) = "{7C9D5882-CB4A-4090-96C8-430BFE8B795B}" -> {HKLM...CLSID} = "Webroot Spy Sweeper Context Menu Integration" \InProcServer32\(Default) = "C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll" ["Webroot Software, Inc."] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System\ "ConsentPromptBehaviorAdmin" = (REG_DWORD) dword:0x00000002 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode} "ConsentPromptBehaviorUser" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Behavior Of The Elevation Prompt For Standard Users} "EnableInstallerDetection" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Detect Application Installations And Prompt For Elevation} "EnableLUA" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Run All Administrators In Admin Approval Mode} "EnableSecureUIAPaths" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Only elevate UIAccess applications that are installed in secure locations} "EnableVirtualization" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Virtualize file and registry write failures to per-user locations} "PromptOnSecureDesktop" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Conrol: Switch to the secure desktop when prompting for elevation} "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "FilterAdministratorToken" = (REG_DWORD) dword:0x00000000 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| User Account Control: Admin Approval Mode for the Built-in Administrator Account} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Exp lorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Windows\system32\config\systemprofile\Pictures \My Pic's\Aidan & Allison\Xmas 2007.jpg" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Users\Julie\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp" Startup items in "Julie" & "All Users" startup folders: ------------------------------------------------------- C:\Users\Julie\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup "DING!" -> shortcut to: "C:\Program Files\Southwest Airlines\Ding\Ding.exe" ["Southwest Airlines"] "OneNote 2007 Screen Clipper and Launcher" -> shortcut to: "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE /tsr" [MS] "Webshots" -> shortcut to: "C:\Program Files\Webshots\Launcher.exe /t" [null data] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup "Event Planner Reminder" -> shortcut to: "C:\Windows\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B 98E4FDE42EF7EBB.exe" [null data] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\system32\NLAapi.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000004\LibraryPath = "%SystemRoot%\system32\napinsp.dll" [MS] 000000000005\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] 000000000006\LibraryPath = "%SystemRoot%\system32\pnrpnsp.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Pa rameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SYSTEMROOT%\system32\tmlsp.dll ["Trend Micro Inc."], 01 - 06, 25 %SystemRoot%\system32\mswsock.dll [MS], 07 - 24 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" -> {HKLM...CLSID} = "&Google" \InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided) -> {HKLM...CLSID} = "Yahoo! Toolbar" \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."] Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] {2670000A-7350-4F3C-8081-5663EE0C6C49}\ "ButtonText" = "Send to OneNote" "MenuText" = "S&end to OneNote" "CLSIDExtension" = "{48E73304-E1D6-4330-914C-F5F514E3486C}" -> {HKLM...CLSID} = "Send to OneNote from Internet Explorer button" \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll" [MS] {92780B25-18CC-41C8-B9BE-3C9C571A8263}\ "ButtonText" = "Research" HOSTS file ---------- C:\Windows\System32\drivers\etc\HOSTS maps: 2 domain names to IP addresses, 1 of the IP addresses is *not* localhost! Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Apple Mobile Device, Apple Mobile Device, ""C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"" ["Apple, Inc."] CNG Key Isolation, KeyIso, "C:\Windows\system32\lsass.exe" [MS] Computer Browser, Browser, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\browser.dll" [MS]} CyberLink Background Capture Service (CBCS), CLCapSvc, ""C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe"" [empty string] Extensible Authentication Protocol, EapHost, "C:\Windows\System32\svchost.exe -k netsvcs" {"C:\Windows\System32\eapsvc.dll" [MS]} HP Health Check Service, HP Health Check Service, ""C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"" [null data] hpqwmiex, hpqwmiex, "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe" ["Hewlett-Packard Development Company, L.P."] iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Inc."] LightScribeService Direct Disc Labeling Service, LightScribeService, ""C:\Program Files\Common Files\LightScribe\LSSrvc.exe"" ["Hewlett-Packard Company"] PIXMA Extended Survey Program, IJPLMSVC, "C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE" [null data] Trend Micro AntiVirus Protection Service, tavsvc, "C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe" ["Trend Micro Inc."] Trend Micro Proxy Service, tmproxy, "C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe" ["Trend Micro Inc."] Viewpoint Manager Service, Viewpoint Manager Service, ""C:\Program Files\Viewpoint\Common\ViewpointService.exe"" ["Viewpoint Corporation"] Webroot Spy Sweeper Engine, WebrootSpySweeperService, "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" ["Webroot Software, Inc."] Windows Driver Foundation - User-mode Driver Framework, wudfsvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\WUDFSvc.dll" [MS]} Windows Image Acquisition (WIA), stisvc, "C:\Windows\system32\svchost.exe -k imgsvc" {"C:\Windows\System32\wiaservc.dll" [MS]} Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\wmpnetwk.exe"" [MS] WLAN AutoConfig, Wlansvc, "C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted" {"C:\Windows\System32\wlansvc.dll" [MS]} XAudioService, XAudioService, "C:\Windows\system32\DRIVERS\xaudio.exe" ["Conexant Systems, Inc."] Keyboard Driver Filters: ------------------------ HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E 96B-E325-11CE-BFC1-08002BE10318}\ "UpperFilters" = <<!>> "SSKBFD" ["Webroot Software Inc (www.webroot.com)"] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monito rs\ Canon BJ Language Monitor MP470 series\Driver = "CNMLM8U.DLL" ["CANON INC."] CNY SELPHY CP LM1\Driver = "CNYMLM01.DLL" ["Canon INC."] Send To Microsoft OneNote Monitor\Driver = "msonpmon.dll" [MS] ---------- (launch time: 2008-01-21 15:47:14) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 113 seconds, including 18 seconds for message boxes) |
#5
|
||||
|
||||
Sorry took so long to get back. I am moving this over to our Cyber Safety forum as I see some suspicious stuff.
|
#6
|
||||
|
||||
I see that you have the Canon Extended Survey plan and also a HP device. What are they?
Spy Sweeper or Trend might be blocking it from some action. Our Cyber Safety folks looked at the logs and saw no spyware/malware present. How about disabling Spy Sweeper then see if the error occurs, then the same with Trend, Lets us know then I will move this back to VISTA, in the meantime I will check your Vista Services running; |
#7
|
|||
|
|||
The computer is an HP and thats it. I have a Canon Printer.
|
#8
|
|||
|
|||
If I turn off the Spy Sweeper and the Trend Antivirus how will my computer be protected??
|
#9
|
||||
|
||||
Your just turning it off to see if it is causing the problem. If one of them is then turn the other one back on. Need to rule out that one of those programs is causing the problem. As long as you "Safe Surf" you will be OK while they are off....
However lets try this first: Right click on "My Computer" then go to "Manage". In the left pane click on Services and Applications, then on Services. In the right pane you will see all the Services that are running. See if you can find a Service with HP in it, double click on it and change the Start Up type from Automatic to Manual. If it is already set to Manual leave alone. Now reboot, still get error???? |
#10
|
|||
|
|||
Now this is popping up
Description:
Stopped working Problem signature: Problem Event Name: APPCRASH Application Name: HPHC_Scheduler.exe Application Version: 2.0.9.1 Application Timestamp: 45f585b9 Fault Module Name: KERNEL32.dll Fault Module Version: 6.0.6000.16386 Fault Module Timestamp: 4549bd80 Exception Code: e0434f4d Exception Offset: 0001b09e OS Version: 6.0.6000.2.0.0.768.3 Locale ID: 1033 Read our privacy statement: http://go.microsoft.com/fwlink/?link...3&clcid=0x0409 |
#11
|
|||
|
|||
Tried everything...
...ok I tried everything and I'm still getting the errors. It's done this ever since I go this computer. At first it was every once in a while and now it's getting annoying.
|
#12
|
||||
|
||||
Well hphc_scheduler.exe is the Health Check Scheduler for systems developed by HP. This process is vital to the health of your system and therefore should not be terminated.
Both errors reference kernal32.dll which is a system file so lets thry this: You will need to open a command prompt in administrator mode. You can do that by right clicking the Command Prompt in the list Start | All Programs | Accessories Right click on "Command Prompt "then to "Run as Administrator". Once you have an administrator command prompt open, type in the following: sfc /scannow (space between "c" and "/") hit <enter> |
#13
|
|||
|
|||
Ok I did what you told me and this is what it said when it finished scanning...
Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log Do you know what all that means?? |
#14
|
||||
|
||||
YES:
Do this: 1. Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. 2.Type the following command, and then press ENTER: findstr /C:"[SR] Cannot repair member file" %windir%\logs\cbs\cbs.log >sfcdetails.txt 3. Type the following command, and then press ENTER: edit sfcdetails.txt Note The Sfcdetails.txt file contains details from every time that the System File Checker tool has been run on the computer. The file includes information about files that were not repaired by the System File Checker tool. Verify the date and time entries to determine the problem files that were found the last time that you ran the System File Checker tool. Post the log here. |
#15
|
|||
|
|||
I typed in both commands and it changed to a screen with a blue background. No words or anything. I tried to look for the log. If I found the right thing when I tried to open it it said access denied. I tried opening something else that I thought might be the log but it was blank.
Last edited by mikymousj; January 25th, 2008 at 04:28 AM. |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
Similar Topics | ||||
Topic | Topic Starter | Forum | Replies | Last Post |
ESAdvRemIntegrator has stopped working | Kezza | Windows Vista | 1 | May 20th, 2010 02:56 AM |
ESAdvRemIntegrator stopped working (Moved by Murf from Vista) | mowjantee | Malware Removal | 24 | December 6th, 2009 11:54 PM |
ESAdvRemIntegrator stopped working (Moved by Murf from Vista) | mowjantee | Windows Vista | 1 | November 30th, 2009 10:17 PM |
ESAdvRemIntegrator has stopped working | SafetyChain | Windows Vista | 30 | December 29th, 2008 04:34 AM |
esadvremintegrator has stopped working? (moved from Cyber Safety Forum) | cvjgajdaj2006 | Windows Vista | 1 | November 7th, 2008 09:33 AM |
All times are GMT +1. The time now is 05:06 PM.