Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows Media player 10 [RESOLVED]


  • This topic is locked This topic is locked

#1
-_R1_-

-_R1_-

    Member

  • Member
  • PipPip
  • 93 posts
Well i tryed getting help in the applications part but the person that was helping me did not know what to do so he sent me here i qutoed his last post telling me what to do and ask for so here it is


sorry I can't help any more, I don't know of any thing else that would help execpt you could try posting a topic in that malware foram and tell the person that answers to treat Windows Media player like a vrirs. they should know how to remove something.  And after wards reinstall it.  And as to loseing the CD try asking Mirosoft for a replacement, they might give you one.

View Post


so does any1 here think that they can help me with media player?
  • 0

Advertisements


#2
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
i just remember that i should post a high jack log so here it is








Logfile of HijackThis v1.99.1
Scan saved at 5:25:31 AM, on 29/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] c:\program files\steam\steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www1.sympatico.ca
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
  • 0

#3
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello, and welcome to the GeekstoGo Forums. My name is Jfcap,and I will be helping you clean your system. I would like to start off by apologizing in the delay in our response time. We try not to let posts slip through the cracks, but things do happen due the the ammount of posts on our website, so again I apologize.

Your HiJackThis log is clean. But just to be sure lets run the below scan that will tell us if you have any infected files!

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe.
Put a check next to the below items before scanning:
  • Memory
  • Startup Folders
  • Drive - All Local Drives
  • Folder - then click "browse" to change the directory to C: (default is C:\Windows)
  • Registry
  • System Folders
  • Services
  • Include Sub-Directory
  • Scan All Files
Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items". When it's done scanning, please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

:tazz:
  • 0

#4
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
alright i did the scan and here is what it came up with





Object "BearShare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\LEXBCE.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\LEXBCES.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\lexlmpm.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\LEXPPS.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\LEXP2P32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\LEX2KUSB.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\spool\drivers\w32x86\3\LEX2KUSB.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXP2P32.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXPPS.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\spool\drivers\w32x86\3\lexlmpm.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCES.EXE". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\spool\drivers\w32x86\3\LEXBCE.DLL". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\RealArcadeRdxIE.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\Install.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Netscape\Netscape\plugins\NPSWF32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\drivers\ipvnmon.sys". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\bullet.gid". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00020906-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{00020907-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{000209FE-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{000209FF-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0006F033-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0006F03A-0000-0000-C000-000000000046}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0291E591-EA41-4c82-8106-3DC6CE7F7664}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{05A6B676-15D6-4946-BCFD-D14137737534}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\SonyCDDetectSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{06290BD5-48AA-11D2-8432-006008C3FBFC}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A99FD75-B264-48FC-AE49-924A646964B8}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0c097121-c5d6-47eb-841d-30bff71a71c4}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtmulti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0C8903E0-E32F-4035-B798-50C0BBCA42B6}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0D43FE01-F093-11CF-8940-00A0C9054228}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1768C1CD-AEE1-4232-ADDD-783B37BF4846}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\CdrHelperSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1EFD6A40-3999-11CF-9150-00AA0059F70D}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}" refers to invalid object "C:\PROGRA~1\AWS\WEATHE~1\MINIBU~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{33CE799A-0E69-4f81-8F78-E3246771513B}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{347B0667-C7ED-429B-BDE3-CC8D3BACAA31}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\yinsthelper1.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3775D2E0-7C5D-11CF-899E-00AA00688B10}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{39AFDE01-5C31-46BD-B8A5-4A4816752305}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\OpdCdrSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3F0943D3-A3C4-4C5B-A85F-8AD1877CD33C}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\OpdCdrSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{47F63D1B-EEDB-4854-BF3A-3CB7601A6D37}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\OpdCdrSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C58F422-C7F4-4EC6-949E-A443976820A8}" refers to invalid object "C:\Program Files\NetAssistant\SmartBridge\SBIQOutlook.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}" refers to invalid object "C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\scandlgs.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{538daa0c-7aaa-4786-a37c-b98cef4f153b}" refers to invalid object "C:\Progra~1\MsnMusic\4020261\msnmusax.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{539E5EC1-5BD3-420C-8F64-EF55AE95F369}" refers to invalid object "C:\Program Files\MSN Apps\Updater\01.05.0000.1009\en-us\au_iscPS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{660B82AF-A571-4A19-AC54-5E6E63969676}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6628157E-EBAB-4c1d-A3DB-468DB60F890D}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6802E635-CB18-F544-790D-700BAC51E508}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6BB7CC6C-E167-4C95-D992-6261CCCC5FE5}" refers to invalid object "C:\Program Files\Common Files\Microsoft Shared\DAO\DAO350.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6CDBA7CE-C3A4-4548-8D60-118EED9C24A4}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6EDCD38E-8861-11D5-A3DD-00B0D0F3BAA7}" refers to invalid object "C:\PROGRA~1\MOZILL~2\MapiProxy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7F23E6E5-0E79-4aee-B723-B1463805D5A9}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8a2adf00-a30f-11d5-a9ea-c0cf7ec10000}" refers to invalid object "C:\Program Files\McAfee\McAfee Firewall\FWLOG.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8A63BC80-5C9D-11D4-8A37-00C04F8FD53B}" refers to invalid object "C:\Program Files\McAfee\McAfee Firewall\FWPLUGIN.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D3DF22B-4988-47F5-B7AF-7E285ECE0386}" refers to invalid object "C:\Progra~1\MsnMusic\4020261\msnmusax.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8e0d4de5-3180-4024-a327-4dfad1796a8d}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{985E61D3-45A8-483B-A0D8-641296E54E49}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\CdrHelperSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{99EEC57E-4532-4d00-98AB-43D7C8D07755}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9C2C220D-6E2D-4715-A715-AAEFCE3A3124}" refers to invalid object "C:\Program Files\NetAssistant\SmartBridge\SBIQWin32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9CAD39D8-59CF-4E76-8C3E-179E48CB45B9}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\PrimoWriterSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A6C6F6A3-37D6-4D83-8AF2-751BB82FE233}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\SonyCDDetectSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0693766-5278-4ec6-B9E1-3CE40560EF5A}" refers to invalid object "CaPlgin.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0FA4C4D-2610-4CD9-9BCD-CDEB9DE895C0}" refers to invalid object "C:\Program Files\NetAssistant\SmartBridge\SBIQExcel.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B9BA256A-075B-49ea-B9E2-7DBC2EF021D5}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\sound.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BCECF647-AAC2-4FE4-AC19-2A9AC936B7E2}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\SonyCDDetectSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1A8AF25-1257-101B-8FB0-0020AF039CA3}" refers to invalid object "D:\PROGRAM\32\mci32.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C2E7B509-F108-4314-9214-60408203BC50}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.344\cMf Name Maker\XPButtons.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C8CE6FC1-CCF1-11D6-B8A5-000064657374}" refers to invalid object "C:\Program Files\Netscape\Netscape\PalmSyncProxy.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CDE0A580-A4A0-4C34-B375-DAB4832FC0AB}" refers to invalid object "C:\WINDOWS\system32\SymNeti.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D8E7569D-8618-498C-B5FC-CD88DE9C1C8F}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\OpdCdrSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{da27efe0-f138-11d4-8a37-00c04f8fd53b}" refers to invalid object "C:\Program Files\McAfee\McAfee Shared Components\Guardian\mcsched.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E42EEDF6-1452-4B95-AF12-0830E680584B}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\CdrHelperSS.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{ed28050f-d713-43ba-a376-dcc5c35407d5}" refers to invalid object "C:\Progra~1\MsnMusic\4020261\msnmusax.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE7CB360-F635-449D-BBB1-0D844F2A269D}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}" refers to invalid object " C:\WINDOWS\SYSTEM\JSCRIPT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}" refers to invalid object " C:\WINDOWS\SYSTEM\JSCRIPT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}" refers to invalid object " C:\WINDOWS\SYSTEM\JSCRIPT.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" refers to invalid object "C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}" refers to invalid object "C:\WINDOWS\wt\webdriver\4.1.1\webdriver.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FAAC2E5D-084B-4225-8035-C669DD5C63D6}" refers to invalid object "C:\Program Files\Common Files\Sony Shared\AVLib\CdrSS\SonyCDWriterSS.dll". Action Taken: No Action Taken.
Entry "HKCR\BDATuner.Hyperlink.2" refers to invalid object "{2D7383EE-7F9F-4742-3E6F-F577BC4D3F47}". Action Taken: No Action Taken.
Entry "HKCR\SafeGuardProtect.PCShield" refers to invalid object "{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}". Action Taken: No Action Taken.
Entry "HKCR\SafeGuardProtect.PCShield.2.0" refers to invalid object "{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WDMHHost.WTHoster" refers to invalid object "{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}". Action Taken: No Action Taken.
Entry "HKCR\WDMHHost.WTHoster.1" refers to invalid object "{AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A}". Action Taken: No Action Taken.
File C:\WINDOWS\system32\axuninstall.exe tagged as "not-a-virus:AdWare.BlazeFind.e". Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-33ad1845.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-71eb477c.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat tagged as "not-a-virus:AdWare.WildTangent.b". Action Taken: No Action Taken.
File C:\WINDOWS\system32\axuninstall.exe tagged as "not-a-virus:AdWare.BlazeFind.e". Action Taken: No Action Taken.
File C:\WINDOWS\system32\axuninstall.exe tagged as "not-a-virus:AdWare.BlazeFind.e". Action Taken: No Action Taken.
  • 0

#5
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hi There!

We have a few things to fix, but nothing too bad!


Open Windows Explorer and delete the following files:

C:\WINDOWS\system32\axuninstall.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat


Then we need to Update java and clear the java cache.

Open Control Panel,
Click on the Java Plug In Icon (Coffee Cup)
Click the General Tab
Select Delete Files

*Please dowload: RegSeeker.
*Click on "Clean The Registry" in the left panel.
*Check all boxes (make sure the backup box in the lower left corner is selected!).
*After it runs, click "Select All" on the bottom, then right-click on any selected item in the window and select "Delete Selected Items".
*Click "Quit RegSeeker".

Now, open any of your installed programs, and make sure that everything opens ok. If so, reboot, then go back and run the RegSeeker again, do the same thing again if anything is found. You need to run RegSeeker until there are very few to no items found. If there are a couple of items that won't go way it's fine! You may have to run RegSeeker 5+ times to get everything just remember to reboot between each run of RegSeeker.

Then post a new HiJackThis log.

Edited by Jfcap, 01 August 2005 - 11:43 PM.

  • 0

#6
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
thxs for helping me i did everything you told me 2 do and with that scan i have 25 things that i can not get rid of after trying 5 times each time now i get the 25 things that come up and here is my high jack log u asked for




Logfile of HijackThis v1.99.1
Scan saved at 2:40:55 AM, on 02/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\pspvideo9\pspVideo9.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\steam\steam.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://start.sympatico.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] c:\program files\steam\steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www1.sympatico.ca
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
  • 0

#7
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder. (I have my hijackthis.exe in C:\desktop\HJT\HiJackThis.exe)

Please reopen HiJackThis and scan your computer. Please place a check mark next to the following entries. Be sure to select only the entries that are listed below, as deleting the wrong file could cause harm to your system.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


Next, please close all programs except for HiJackThis, and select Fix Checked.
Reboot your computer.

Then please run Panda ActiveScan<<<Accept default settings, save and post the log.

In your next reply, please post a new HiJackThis log, as well as the log from Panda Scan.
  • 0

#8
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
this is my high jack log


Logfile of HijackThis v1.99.1
Scan saved at 3:25:53 PM, on 02/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.sympatico.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://start.sympatico.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Sympatico Internet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Steam] c:\program files\steam\steam.exe -silent
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www1.sympatico.ca
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_1.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zon...nt.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe

and for some reason i can not do the panda scan it says i need 2 use internet explorer and when i do it just freezes
  • 0

#9
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello,

Your HiJackThis Log is Clean! Are you still noticing any problems with your computer?
  • 0

#10
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
my problem is that i cant get window media to work but now for some reason i dont have my short cut and i dont know if i can see if it works
  • 0

Advertisements


#11
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Try opening it from the start menu.
  • 0

#12
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
nope it says that i have an application error has occured
  • 0

#13
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Well it is not a spyware issue, so lets try a few more things.

Have you reinstalled Windows Media Player and tried to open it?
  • 0

#14
-_R1_-

-_R1_-

    Member

  • Topic Starter
  • Member
  • PipPip
  • 93 posts
whenever i download the file it tells me that i have the newest verison on my computer and idont know how to install it because it is not in my add remove programs tab and i do not know how to uninstall it manually
  • 0

#15
Justin

Justin

    I do a little bit of everything

  • Member
  • PipPipPipPipPip
  • 2,353 posts
Hello!

Ive consulted with some helpers here, and we have an idea for you to try.

Click Start
Click Run
Type regsvr32 jscript.dll
Click Ok

Click Start
Click Run
Type regsvr32 vbscript.dll
Click Ok

Then try to open Windows Media Player. If you get an error message, please post back telling me the exact message.

:tazz:

Edited by Jfcap, 02 August 2005 - 10:20 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP