Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

No Sound Lots of Errors on Startup


  • Please log in to reply

#1
JFrame19

JFrame19

    New Member

  • Member
  • Pip
  • 9 posts
Hello all I am having some major troubles with my computer lately. First off I get no sound from my speakers except for the occassional beep that come from my computer. When I turn on my computer I get the following errors: during a scan of files at system startup potential errors in the system registry were found kmode_exception_not_handled, SysFader: Iexplore.exe potential application error The instruction at "0x01d62739" referenced memory at "0x02354e50". The memory could not be read., and als the error A potential problem has been detected and windows has been shutdown buggy application to prevent damage to your computer. This is the logfile of the latest hijackthis I ran.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:04, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmca...:8001/proxy.pac
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [78a4ffbc] rundll32.exe "C:\WINDOWS\system32\ftexcljr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175292718796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176647030953
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6744 bytes

Any help you could provide would be greatly appeciated!

Thanks
Jason
  • 0

Advertisements


#2
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello JFrame19

Welcome to G2Go. :)
================
Download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
=======================
Next::
Please download ComboFix from Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0

#3
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is what I got:

SDFix: Version 1.140

Run by Administrator on 2008-02-10 at 12:03

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\aaa\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\NTSpool.exe - Deleted
C:\WINDOWS\system32\WinPrint.exe - Deleted
C:\WINDOWS\system32\WinSpooler.exe - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 12:16:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BA3E6E0-8CAE-7E1C-DAC2-21F466EDD7DA}]

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\aaa\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 26 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Tue 21 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Mon 9 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
Mon 9 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Mon 9 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Mon 9 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
Sat 3 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
Mon 9 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
Mon 9 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
Mon 9 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
Mon 9 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
Mon 9 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\SUPER\cygz.dll"
Sat 2 Feb 2008 72,704 ..SHR --- "C:\Program Files\SUPER\Setup.exe"
Fri 12 Jan 2007 1,179,648 A..H. --- "C:\temp\HP_WebRelease\setup.exe"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Tue 22 May 2007 1,505,007 A.SH. --- "C:\WINDOWS\system32\bbeeg.tmp"
Thu 24 May 2007 1,565,285 A.SH. --- "C:\WINDOWS\system32\bbeeg.bak1"
Sat 26 May 2007 1,551,178 A.SH. --- "C:\WINDOWS\system32\bbeeg.bak2"
Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"
Sun 10 Feb 2008 33,222 ..SH. --- "C:\WINDOWS\system32\qnjvslgy.dllbox"
Mon 17 Dec 2007 27,648 A.SH. --- "C:\WINDOWS\system32\Smab0.dll"
Tue 22 May 2007 832,657 A.SH. --- "C:\WINDOWS\system32\wxxhbucw.tmp"
Sat 31 Mar 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 29 Nov 2005 262,144 ...H. --- "C:\Program Files\Road Runner PhotoShow 4\data\DVDMPEG2Enc.dll"
Tue 29 Nov 2005 84,604 ...H. --- "C:\Program Files\Road Runner PhotoShow 4\data\movie_maker.exe"
Tue 29 Nov 2005 61,440 ...H. --- "C:\Program Files\Road Runner PhotoShow 4\data\NeASL.dll"
Thu 5 Jan 2006 95,892 ...H. --- "C:\Program Files\Road Runner PhotoShow 4\data\Road Runner PhotoShow Deluxe.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\SUPER\mencoder\28_83260.dll"
Mon 9 Dec 2002 73,766 ...HR --- "C:\Program Files\SUPER\mencoder\atrc3260.dll"
Mon 9 Dec 2002 65,575 ...HR --- "C:\Program Files\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\SUPER\mencoder\dnet3260.dll"
Mon 9 Dec 2002 102,437 ...HR --- "C:\Program Files\SUPER\mencoder\drv13260.dll"
Mon 9 Dec 2002 176,165 ...HR --- "C:\Program Files\SUPER\mencoder\drv23260.dll"
Mon 9 Dec 2002 208,935 ...HR --- "C:\Program Files\SUPER\mencoder\drv33260.dll"
Mon 9 Dec 2002 217,127 ...HR --- "C:\Program Files\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\SUPER\mencoder\rnco3260.dll"
Mon 9 Dec 2002 245,805 ...HR --- "C:\Program Files\SUPER\mencoder\rnlt3260.dll"
Mon 9 Dec 2002 45,093 ...HR --- "C:\Program Files\SUPER\mencoder\rv103260.dll"
Mon 9 Dec 2002 98,341 ...HR --- "C:\Program Files\SUPER\mencoder\rv203260.dll"
Mon 9 Dec 2002 94,247 ...HR --- "C:\Program Files\SUPER\mencoder\rv303260.dll"
Mon 9 Dec 2002 90,151 ...HR --- "C:\Program Files\SUPER\mencoder\rv403260.dll"
Mon 9 Dec 2002 102,439 ...HR --- "C:\Program Files\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\SUPER\mencoder\tokr3260.dll"
Fri 12 Jan 2007 466,944 A..H. --- "C:\temp\HP_WebRelease\setup\HPZmsi01.exe"
Fri 12 Jan 2007 1,359,960 A..H. --- "C:\temp\HP_WebRelease\setup\HPZmsi40.exe"
Fri 12 Jan 2007 765,952 A..H. --- "C:\temp\HP_WebRelease\setup\HPZscr01.exe"
Fri 12 Jan 2007 1,570,392 A..H. --- "C:\temp\HP_WebRelease\setup\HPZscr40.exe"
Thu 8 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Tue 29 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT6.tmp"

Finished!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmca...:8001/proxy.pac
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [78a4ffbc] rundll32.exe "C:\WINDOWS\system32\ftexcljr.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175292718796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176647030953
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Microsoft cache control (MSControlService) - Unknown owner - C:\WINDOWS\system32\windows
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7043 bytes
  • 0

#4
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
ComboFix 08-02.05.3 - Owner 2008-02-10 12:40:25.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.731 [GMT -6:00]
Running from: C:\Documents and Settings\All Users\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\qomkihg.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cbxurrp.dll
C:\WINDOWS\system32\cbxwtrs.dll
C:\WINDOWS\system32\dbdlacqd.dll
C:\WINDOWS\system32\efccyvs.dll
C:\WINDOWS\system32\ftexcljr.dll
C:\WINDOWS\system32\ghhkj.ini
C:\WINDOWS\system32\ghhkj.ini2
C:\WINDOWS\system32\jcctgees.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\khfefcb.dll
C:\WINDOWS\system32\knycyyxe.dll
C:\WINDOWS\system32\opnlmkh.dll
C:\WINDOWS\system32\pmnmmjk.dll
C:\WINDOWS\system32\qnjvslgy.dll . . . . failed to delete
C:\WINDOWS\system32\qnjvslgy.dllbox
C:\WINDOWS\system32\qomkihg.dll
C:\WINDOWS\system32\rjlcxetf.ini
C:\WINDOWS\system32\usbbkxdq.ini
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\qnjvslgy.dll . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://www.firstlogin.com
.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 12:00 . 2008-02-10 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 00:46 . 2008-02-10 00:46 <DIR> d-------- C:\kav
2008-02-09 23:43 . 2008-02-09 23:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-02-09 23:36 . 2008-02-09 23:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-09 23:36 . 2008-02-09 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-09 02:17 . 2008-02-10 12:44 163,904 --a------ C:\WINDOWS\system32\qnjvslgy.dll
2008-02-09 02:00 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
2008-02-08 20:01 . 2008-02-08 20:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-08 20:00 . 2008-02-08 20:00 <DIR> d-------- C:\Program Files\Uniblue
2008-02-08 19:40 . 2008-02-08 19:40 545,241 --a------ C:\Autoruns.zip
2008-02-08 18:41 . 2008-02-08 18:41 <DIR> d-------- C:\Program Files\RegCure
2008-02-08 18:28 . 2008-02-08 18:28 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-08 01:04 . 2008-02-08 01:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-02-08 00:17 . 2008-02-08 00:17 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-06 14:40 . 2008-02-06 14:40 <DIR> d-------- C:\Program Files\BitPim
2008-02-03 13:28 . 2008-02-03 13:28 <DIR> d-------- C:\Program Files\Express Burn
2008-02-03 13:28 . 2008-02-03 13:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-02-03 13:28 . 2008-02-03 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-03 13:03 . 2008-02-03 13:03 <DIR> d-------- C:\Program Files\MP3SPLITTER
2008-02-02 17:09 . 2008-02-02 17:15 <DIR> d-------- C:\Program Files\Total Video Converter
2008-02-02 16:52 . 2008-02-02 16:52 1,418,672 --a------ C:\MVI_5703.AVI.AVI
2008-02-02 16:52 . 2008-02-02 16:52 330,022 --a------ C:\MVI_5629.AVI.AVI
2008-02-02 16:45 . 2008-02-02 16:55 <DIR> d-------- C:\Program Files\SUPER
2008-02-02 16:04 . 2008-02-03 09:21 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-02 15:55 . 2008-02-02 15:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-02 15:54 . 2008-02-02 15:54 7,105,738 --a------ C:\Program Files\avex-dvd-ripper-platinum.trial.exe
2008-02-02 15:36 . 2008-02-02 15:51 <DIR> d-------- C:\OutputFolder
2008-02-02 15:36 . 2008-02-02 15:51 278 --a------ C:\WINDOWS\system32\temp_0000_65-15.aok
2008-02-02 15:36 . 2008-02-02 15:50 125 --a------ C:\WINDOWS\system32\test.aok
2008-02-02 15:30 . 2008-02-02 15:30 <DIR> d--h----- C:\Documents and Settings\Owner\InstallAnywhere
2008-01-30 22:45 . 2008-02-07 00:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 22:45 . 2008-01-30 22:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 10:12 . 2008-01-29 10:12 <DIR> d-------- C:\Program Files\321Studios
2008-01-25 21:50 . 2008-01-25 21:50 4,462 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:56 . 2008-01-26 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 17:29 . 2008-01-25 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-25 17:28 . 2008-01-25 17:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 17:17 . 2007-10-17 07:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-25 17:17 . 2008-01-25 17:17 2,162 --a------ C:\WINDOWS\system32\tmmute.ini
2008-01-25 01:40 . 2008-01-25 01:40 48 --a------ C:\tmp.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 07:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 06:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-09 01:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\mySI
2008-02-08 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 06:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 06:17 --------- d-----w C:\Program Files\HP
2008-02-08 06:15 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-07 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-02-07 07:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-31 05:27 --------- d-----w C:\Program Files\1Click DVD Copy 4.2
2008-01-29 16:08 --------- d-----w C:\Program Files\LimeWire
2008-01-29 15:56 --------- d-----w C:\Program Files\Download Files
2008-01-26 07:41 0 ----a-w C:\WINDOWS\system32\drivers\IsPubDrv.sys
2008-01-26 07:41 0 ----a-w C:\WINDOWS\system32\drivers\IsDrv118.sys
2008-01-11 03:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\CopyToDvd
2007-12-23 08:34 --------- d-----w C:\Program Files\Azureus
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2007-11-13 15:31 399,360 ----a-w C:\WINDOWS\system32\Smab.dll
2007-07-10 05:16 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-07-10 05:16 25,990,432 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-09 05:59 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-04-09 05:59 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2007-03-30 20:01 186 ----a-w C:\Program Files\Shortcut to CD Drive.lnk
2005-03-30 04:46 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-11-14 13:57 6,582 ----a-w C:\Program Files\hijackthis.log
2004-02-06 13:43 2,304 ----a-w C:\Program Files\Readme_es.txt
2004-02-06 13:43 1,885 ----a-w C:\Program Files\readme.txt
2004-02-06 13:41 42,496 ----a-w C:\Program Files\rkdetector.exe
2004-02-01 03:51 28,160 ----a-w C:\Program Files\tcp.dll
2003-03-07 04:12 6,087 ----a-w C:\Program Files\xp_fileassoc.bat
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-05-25 02:38 1,565,285 --sha-w C:\WINDOWS\system32\bbeeg.bak1
2007-05-26 20:44 1,551,178 --sha-w C:\WINDOWS\system32\bbeeg.bak2
2007-05-27 04:12 1,560,912 --sha-w C:\WINDOWS\system32\bbeeg.ini2
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
2007-05-23 15:04 778,067 --sha-w C:\WINDOWS\system32\wxxhbucw.ini2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e477591-5dfe-40c7-92db-a8911eef4428}]
C:\WINDOWS\system32\jcctgees.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}]
C:\WINDOWS\system32\qomkihg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F7AE3B9-867B-43D3-9811-5DA219331F06}]
C:\WINDOWS\system32\jkhhg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2008-02-10 12:44 163904 --a------ C:\WINDOWS\system32\qnjvslgy.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
C:\Program Files\Online Add-on\isfmdl.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"= C:\Program Files\Online Add-on\ictmdl.dll [ ]

[HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-06 19:56 245760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [2002-10-30 17:09 73728 C:\WINDOWS\system32\PROMon.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 04:28 172032]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 22:53 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 22:42 659456]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 14:32 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2008-01-25 17:17:45 1406480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"= NTSpool.exe
"Windows Printing Driver"= WinSpooler.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}"= C:\WINDOWS\system32\qomkihg.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnjvslgy]
qnjvslgy.dll 2008-02-10 12:44 163904 C:\WINDOWS\system32\qnjvslgy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkihg]
qomkihg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\jkhhg.dll

R2 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557bc192-945f-11dc-90f8-00306e38e759}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 15:23:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
"2008-02-10 18:49:26 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-09 00:41:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-10 18:50:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{00218546-53DB-4190-9469-1C69A33A7301}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-02-10 01:16:00 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2008-02-10 18:49:26 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-10 05:43:33 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 12:50:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qnjvslgy.dll
-> C:\WINDOWS\system32\qomkihg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\WINDOWS\system32\jkhhg.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\qnjvslgy.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-10 12:53:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 18:52:26
ComboFix2.txt 2008-02-08 20:35:37
.
2008-01-09 09:02:19 --- E O F ---
  • 0

#5
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start , then Run
  • type in notepad in the Run Box then hit ok.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\qnjvslgy.dll 
C:\WINDOWS\system32\tmmute.ini
C:\tmp.bat
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\wxxhbucw.ini2
C:\WINDOWS\system32\jcctgees.dll
C:\WINDOWS\system32\qomkihg.dll
C:\WINDOWS\system32\jkhhg.dll
Folder::
C:\Program Files\Online Add-on
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e477591-5dfe-40c7-92db-a8911eef4428}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F7AE3B9-867B-43D3-9811-5DA219331F06}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2A1C5CB-C0EF-4689-9436-F62CCA1C5383}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8113B5DE-F7EB-4154-A311-497FB80D8BD0}"=-
[-HKEY_CLASSES_ROOT\clsid\{8113b5de-f7eb-4154-a311-497fb80d8bd0}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"NTSpool"=-
"Windows Printing Driver"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{42A44A09-3A1E-4BA2-B14C-D8398E0C3317}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qnjvslgy]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomkihg]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0

#6
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Heres my new logfiles:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:05, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmca...:8001/proxy.pac
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175292718796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176647030953
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7170 bytes

ComboFix 08-02.05.3 - Owner 2008-02-10 13:59:56.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT -6:00]
Running from: C:\Documents and Settings\All Users\Desktop\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\tmp.bat
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\jcctgees.dll
C:\WINDOWS\system32\jkhhg.dll
C:\WINDOWS\system32\qnjvslgy.dll
C:\WINDOWS\system32\qomkihg.dll
C:\WINDOWS\system32\tmmute.ini
C:\WINDOWS\system32\wxxhbucw.ini2
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\tmp.bat
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\tmmute.ini
C:\WINDOWS\system32\wxxhbucw.ini2

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 13:59 . 2008-02-10 13:59 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2008-02-10 13:50 . 2008-02-10 13:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-02-10 13:41 . 2008-02-10 13:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-10 13:41 . 2008-02-10 13:41 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-02-10 13:41 . 2008-02-10 13:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-10 12:32 . 2004-08-04 00:56 388,608 --a------ C:\kmd.exe
2008-02-10 12:00 . 2008-02-10 12:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-10 00:46 . 2008-02-10 00:46 <DIR> d-------- C:\kav
2008-02-09 23:43 . 2008-02-09 23:43 <DIR> d-------- C:\Program Files\XoftSpySE
2008-02-09 23:36 . 2008-02-09 23:36 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-09 23:36 . 2008-02-09 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-08 20:01 . 2008-02-08 20:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-02-08 20:00 . 2008-02-08 20:00 <DIR> d-------- C:\Program Files\Uniblue
2008-02-08 19:40 . 2008-02-08 19:40 545,241 --a------ C:\Autoruns.zip
2008-02-08 18:41 . 2008-02-08 18:41 <DIR> d-------- C:\Program Files\RegCure
2008-02-08 18:28 . 2008-02-08 18:28 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-08 01:04 . 2008-02-08 01:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-02-08 00:17 . 2008-02-08 00:17 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-06 14:40 . 2008-02-06 14:40 <DIR> d-------- C:\Program Files\BitPim
2008-02-03 13:28 . 2008-02-03 13:28 <DIR> d-------- C:\Program Files\Express Burn
2008-02-03 13:28 . 2008-02-03 13:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
2008-02-03 13:28 . 2008-02-03 13:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-02-03 13:03 . 2008-02-03 13:03 <DIR> d-------- C:\Program Files\MP3SPLITTER
2008-02-02 17:09 . 2008-02-02 17:15 <DIR> d-------- C:\Program Files\Total Video Converter
2008-02-02 16:52 . 2008-02-02 16:52 1,418,672 --a------ C:\MVI_5703.AVI.AVI
2008-02-02 16:52 . 2008-02-02 16:52 330,022 --a------ C:\MVI_5629.AVI.AVI
2008-02-02 16:45 . 2008-02-02 16:55 <DIR> d-------- C:\Program Files\SUPER
2008-02-02 16:04 . 2008-02-03 09:21 37,888 --a------ C:\WINDOWS\system32\rar.exe
2008-02-02 15:55 . 2008-02-02 15:55 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-02-02 15:54 . 2008-02-02 15:54 7,105,738 --a------ C:\Program Files\avex-dvd-ripper-platinum.trial.exe
2008-02-02 15:36 . 2008-02-02 15:51 <DIR> d-------- C:\OutputFolder
2008-02-02 15:36 . 2008-02-02 15:51 278 --a------ C:\WINDOWS\system32\temp_0000_65-15.aok
2008-02-02 15:36 . 2008-02-02 15:50 125 --a------ C:\WINDOWS\system32\test.aok
2008-02-02 15:30 . 2008-02-02 15:30 <DIR> d--h----- C:\Documents and Settings\Owner\InstallAnywhere
2008-01-30 22:45 . 2008-02-07 00:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 22:45 . 2008-01-30 22:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-29 10:12 . 2008-01-29 10:12 <DIR> d-------- C:\Program Files\321Studios
2008-01-25 21:50 . 2008-01-25 21:50 4,462 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-25 18:56 . 2008-01-26 01:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-25 17:29 . 2008-01-25 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-25 17:28 . 2008-01-25 17:53 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PrevxCSI
2008-01-25 17:17 . 2008-01-25 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 17:17 . 2007-10-17 07:47 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 07:41 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 06:31 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-09 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-09 01:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\mySI
2008-02-08 06:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-08 06:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 06:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-08 06:17 --------- d-----w C:\Program Files\HP
2008-02-08 06:15 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-07 21:57 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-02-07 07:20 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-01-31 05:27 --------- d-----w C:\Program Files\1Click DVD Copy 4.2
2008-01-29 16:08 --------- d-----w C:\Program Files\LimeWire
2008-01-29 15:56 --------- d-----w C:\Program Files\Download Files
2008-01-26 07:41 0 ----a-w C:\WINDOWS\system32\drivers\IsPubDrv.sys
2008-01-26 07:41 0 ----a-w C:\WINDOWS\system32\drivers\IsDrv118.sys
2008-01-11 03:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\CopyToDvd
2007-12-23 08:34 --------- d-----w C:\Program Files\Azureus
2007-12-17 13:43 27,648 --sha-w C:\WINDOWS\system32\Smab0.dll
2007-11-13 15:31 399,360 ----a-w C:\WINDOWS\system32\Smab.dll
2007-07-10 05:16 3,655,608 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-07-10 05:16 25,990,432 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-04-09 05:59 87,608 ----a-w C:\Documents and Settings\Owner\Application Data\ezpinst.exe
2007-04-09 05:59 47,360 ----a-w C:\Documents and Settings\Owner\Application Data\pcouffin.sys
2007-03-30 20:01 186 ----a-w C:\Program Files\Shortcut to CD Drive.lnk
2005-03-30 04:46 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2004-11-14 13:57 6,582 ----a-w C:\Program Files\hijackthis.log
2004-02-06 13:43 2,304 ----a-w C:\Program Files\Readme_es.txt
2004-02-06 13:43 1,885 ----a-w C:\Program Files\readme.txt
2004-02-06 13:41 42,496 ----a-w C:\Program Files\rkdetector.exe
2004-02-01 03:51 28,160 ----a-w C:\Program Files\tcp.dll
2003-03-07 04:12 6,087 ----a-w C:\Program Files\xp_fileassoc.bat
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Road Runner PhotoShow Media Manager"="C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe" [2006-01-06 19:56 245760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-12-05 16:06 1885464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe"="PROMon.exe" [2002-10-30 17:09 73728 C:\WINDOWS\system32\PROMon.exe]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 04:28 172032]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 22:53 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54 241664]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-06 22:42 659456]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-30 14:32 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2008-01-25 17:17:45 1406480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

R2 NMSSvc;Intel® NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 12:36]
R3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\system32\drivers\NMSCFG.SYS [2002-05-03 12:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{557bc192-945f-11dc-90f8-00306e38e759}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe

*Newly Created Service* - NMSCFG
.
Contents of the 'Scheduled Tasks' folder
"2008-02-10 19:23:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
"2008-02-10 19:12:07 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-09 00:41:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-10 20:00:00 C:\WINDOWS\Tasks\User_Feed_Synchronization-{00218546-53DB-4190-9469-1C69A33A7301}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-02-10 01:16:00 C:\WINDOWS\Tasks\WebReg .job"
- C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe
"2008-02-10 19:12:07 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-10 05:43:33 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 14:00:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 14:01:27
ComboFix-quarantined-files.txt 2008-02-10 20:01:06
ComboFix2.txt 2008-02-10 18:53:03
ComboFix3.txt 2008-02-08 20:35:37
.
2008-01-09 09:02:19 --- E O F ---


THANKS FOR ALL THE HELP!!!
  • 0

#7
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)

I will need you to do is to Download this anti-virus program and install it.
This is free.
AVG free
==================================================
After that
Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report

  • 0

#8
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
;*******************************************************************************
*********************************************************************************
*******************
ANALYSIS: 2008-02-10 15:56:44
PROTECTIONS: 1
MALWARE: 29
SUSPECTS: 0
;*******************************************************************************
*********************************************************************************
*******************
PROTECTIONS
Description Version Active Updated
;===============================================================================
=================================================================================
===================
AVG 7.5.516 7.5.516 Yes Yes
;===============================================================================
=================================================================================
===================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
=================================================================================
===================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][2].txt
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.trafficmp.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.doubleclick.net/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.247realmedia.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.247realmedia.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.mediaplex.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.mediaplex.com/]
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.com.com/]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.com.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.statcounter.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.apmebf.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.bs.serving-sys.com/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[server.iad.liveperson.net/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[stat.onestat.com/]
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[stat.onestat.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.realmedia.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.zedo.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.adrevolver.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.adrevolver.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.go.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ehg-dig.hitbox.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.ehg-dig.hitbox.com/]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advancedcleaner.com/]
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\cookies\[email protected][2].txt
02887528 Cookie/AdvancedCleaner TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f6wyem8i.default\cookies.txt[.advancedcleaner.com/]
;===============================================================================
=================================================================================
===================
SUSPECTS
Location
;===============================================================================
=================================================================================
===================
;===============================================================================
=================================================================================
===================
  • 0

#9
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You still did not install AVG antivirus please install it.
The instructions are in the post before this one.
===============================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==================================================================
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
    Posted Image

Please then delete all other tools if any that I had you download.
Empty your recycle bin.
====================
After that let me know how things are running ?
  • 0

#10
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
It is actually running great with NO ERRORS! The only thing thats still missing is my systems sound! Do you know why this could be? Is there any easy fix that could make it work?

THANKS AGAIN FOR ALL THE HELP :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:19, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmca...:8001/proxy.pac
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Road Runner PhotoShow Media Manager] C:\PROGRA~1\ROADRU~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter...oad/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1175292718796
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176647030953
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Unknown owner - C:\Program Files\a-squared Anti-Malware\a2service.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7966 bytes
  • 0

Advertisements


#11
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Also, one other thing, do you have a anti-virus program that you could recommend? Is AVG reliable if I buy the full version? What do you think?
  • 0

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Avg is good in my opinion as you can still get infected with a paid for version of an anti virus.

I would like to check something for your sound issue.

GO to start > run and then type in this devmgmt.msc then hit ok.
This will open your device manger.

On the right side you will see a category named sounds and Video game controllers or something to that effect.
Click on the plus sign next tp it and tell me if there are any yellow question marks or exclamation marks next to anything there.
Also tell me if you have integrated sound or if you purchased a sound card to put into your computer please.
  • 0

#13
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey, great news I was able to download and install a sound driver and it works! Theres a couple of weird but minor issues the clock is in military time and when I click on my computer next to the c: it shows a red X which is strange.
  • 0

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Okay for the clock to be reset go to Start >Control Panel >Date ,Time and regional settings.
Click on Regional and language options.
Next to the section that says your regional language (mine is English) click on customise.
Click on the Time tab at the top.
The next to time format make sure that it looks like this >h:mm:ss tt if it doesn't then change it to that.
Then click apply then ok.
Then apply then ok again.

For the drive icon issue:
Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Drive Icons]
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
Reboot for the changes to take place and let me know how it goes.
  • 0

#15
JFrame19

JFrame19

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Well the clock settings made it work correctly, but I tried the thing for the icon for the c: and it didn't seem to do anything, even after a couple of reboots. Any other ideas?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP