<p>Hi, please can you check this, as ZoneAlarm picked up a programme called free REFOG keylogger setup. I don't know whether it has been installed or if it has been put on but not run; I can't find a program or file for it. Thanks.<br />
Logfile of Trend Micro HijackThis v2.0.2<br />
Scan saved at 22:44:29, on 30/05/2008<br />
Platform: Windows XP SP2 (WinNT 5.01.2600)<br />
MSIE: Internet Explorer v7.00 (7.00.6000.16640)<br />
Boot mode: Normal</p>
<p>Running processes:<br />
C:\WINDOWS\System32\smss.exe<br />
C:\WINDOWS\system32\winlogon.exe<br />
C:\WINDOWS\system32\services.exe<br />
C:\WINDOWS\system32\lsass.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\WINDOWS\system32\ZoneLabs\vsmon.exe<br />
C:\WINDOWS\Explorer.EXE<br />
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe<br />
C:\Program Files\Alwil Software\Avast4\ashServ.exe<br />
C:\WINDOWS\system32\spoolsv.exe<br />
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe<br />
C:\Program Files\Common Files\LightScribe\LSSrvc.exe<br />
C:\WINDOWS\system32\nvsvc32.exe<br />
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe<br />
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe<br />
C:\Program Files\Spyware Doctor\pctsAuxs.exe<br />
C:\Program Files\Spyware Doctor\pctsSvc.exe<br />
C:\WINDOWS\system32\svchost.exe<br />
C:\Program Files\Spyware Doctor\pctsTray.exe<br />
C:\WINDOWS\wanmpsvc.exe<br />
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe<br />
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe<br />
C:\WINDOWS\system32\Rundll32.exe<br />
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe<br />
C:\Program Files\Common Files\AOL\1183321457\ee\AOLSoftware.exe<br />
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe<br />
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE<br />
C:\Program Files\Common Files\Real\Update_OB\realsched.exe<br />
C:\Program Files\QuickTime\qttask.exe<br />
C:\WINDOWS\system32\RunDll32.exe<br />
C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe<br />
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe<br />
C:\WINDOWS\System32\svchost.exe<br />
C:\Program Files\dvd43\dvd43_tray.exe<br />
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe<br />
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe<br />
C:\WINDOWS\system32\RUNDLL32.EXE<br />
C:\WINDOWS\system32\ctfmon.exe<br />
C:\Program Files\Messenger\msmsgs.exe<br />
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe<br />
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe<br />
C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe<br />
C:\Program Files\AOL 9.0\aoltray.exe<br />
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe<br />
C:\Program Files\TRUST\TRUST USB2 DIGITAL PCTV & MOVIE EDITOR APPLICATION\TSSCHL.EXE<br />
c:\program files\common files\aol\1183321457\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe<br />
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe<br />
c:\program files\common files\aol\1183321457\ee\aolsoftware.exe<br />
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe<br />
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe<br />
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe<br />
C:\Program Files\AOL 9.0\waol.exe<br />
C:\Program Files\AOL 9.0\shellmon.exe<br />
C:\Program Files\Common Files\AOL\aoltpspd.exe<br />
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe</p>
<p>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = <a href="http://go.microsoft.com/fwlink/?LinkId=54896">http://go.microsoft.com/fwlink/?LinkId=54896</a><br />
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = <a href="http://go.microsoft.com/fwlink/?LinkId=69157">http://go.microsoft.com/fwlink/?LinkId=69157</a><br />
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll<br />
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll<br />
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL<br />
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll<br />
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL<br />
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper<br />
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe<br />
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe<br />
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1183321457\ee\AOLSoftware.exe<br />
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"<br />
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"<br />
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot<br />
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime<br />
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd<br />
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent<br />
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"<br />
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"<br />
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"<br />
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup<br />
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install<br />
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe<br />
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe<br />
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"<br />
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"<br />
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit<br />
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe<br />
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background<br />
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5\MediaDetector.exe"<br />
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden<br />
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"<br />
O4 - HKCU\..\Run: [Philips Intelligent Agent] "C:\Program Files\Philips\Intelligent Agent\Philips Intelligent Agent.exe" /SILENT<br />
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')<br />
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')<br />
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')<br />
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')<br />
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe<br />
O4 - Global Startup: Bluetooth Manager.lnk = ?<br />
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE<br />
O4 - Global Startup: Scheduler.lnk = C:\Program Files\TRUST\TRUST USB2 DIGITAL PCTV & MOVIE EDITOR APPLICATION\TSSCHL.EXE<br />
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000<br />
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll<br />
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll<br />
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe<br />
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe<br />
O15 - Trusted Zone: <a href="http://*.businesspost.biz" title="http://*.businesspost.biz">http://*.businesspost.biz</a><br />
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - <a href="http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab">http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab</a><br />
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0093FBB-E5DB-4317-879E-38B8BC175C54}: NameServer = 205.188.146.145<br />
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe<br />
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe<br />
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe<br />
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe<br />
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe<br />
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe<br />
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe<br />
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe<br />
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe<br />
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe<br />
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe<br />
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe<br />
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe<br />
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe<br />
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe<br />
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe<br />
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe<br />
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe<br />
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe</p>
<p>--<br />
End of file - 11006 bytes<br />
put on and not run. Thanks. P.S. I can't find the program or file</p>
Copyright 2006 - 2008 Future Publishing Limited