# HELP! URGENT! Computer Is really Slow. (HIJACK THIS FILE INCLUDED)



## perfect (Mar 11, 2008)

Hi! I had an MKV file of a video, so I had to convert it to an AVI file. I used a software called Prism to extract the file, but it so happens that it probably did not get completely converted because the file size is HUGE. It was supposed to convert the file and put it in My Documents. Everything went fine, but then when I went to My Documents and tried to open the converted file, it opens and Media Player says that it is not able to play the file. That was okay too, but the problem is that when I went back to delete the converted file, Windows Explorer (in this case My Documents) brings up the "Send Error Report" and "Don't Send" window. When I say don't send, Windows Explorer closes. I went to go try to delete the file, I get that message again and this time I try to ignore it. I clicked delete to delete the file and then a message popped up and said that the file cannot be deleted because another program might be using it. I checked everything and nothing is using the file. I want to delete this file. This file is also making my computer run VERY slowly. Is there a way to delete this file?

It might be because of some virus or something.
I am sorry for typing urgent, but it is because I have a MAJOR project to do on the computer and it is necessary for the computer to run normally.
THANK YOU IN ADVANCE FOR HELPING ME!

-----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:51 PM, on 6/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {43F6B39D-BC11-40BA-BDC3-DE1A12A66956} - C:\WINDOWS\system32\ddcBUoPi.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: {528b3346-f0f3-cdf8-2b54-e089a31f289c} - {c982f13a-980e-45b2-8fdc-3f0f6433b825} - C:\WINDOWS\system32\atktxpyq.dll
O2 - BHO: (no name) - {DD4A65C7-61D7-445F-BCF1-5065F765EAF9} - C:\WINDOWS\system32\ssqoOIYq.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [b0612b93] rundll32.exe "C:\WINDOWS\system32\gbmalljo.dll",b
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [BMb352180f] Rundll32.exe "C:\WINDOWS\system32\gqwfqjor.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1013 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '~#~$hivani~#~')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1013 User Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '~#~$hivani~#~')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O20 - Winlogon Notify: ssqoOIYq - C:\WINDOWS\SYSTEM32\ssqoOIYq.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13843 bytes


----------



## perfect (Mar 11, 2008)

Now my computer also restarts on its own. What should I do? I need serious help for fixing this. Please help ME! I really need my computer to work. I have to finish a project by tomorrow. THANK YOU IN ADVANCE!


----------



## Cookiegal (Aug 27, 2003)

Please visit *Combofix Guide & Instructions* for instructions for downloading and running ComboFix:

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

*Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.*

*Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.*


----------



## perfect (Mar 11, 2008)

Hi! Thank you very much for helping out here. My computer is really messed up right now! I tried to do everything in those instructions about downloading and running ComboFix, but there is one problem. The problem is that my computer doesn't use Service Pack 1, nor does it use Service Pack 2. It has the new Service Pack 3 and I believe that that site doesn't have a link for that. What do I do now?

Before we try to fix my actual computer, can you help me fix my internet first? There is a problem with it. It is EXTREMELY slow. Some sites don't even open. When I type those sites, the browser says it's loading but then the site never appears. I thought it might be the problem because I am using Firefox, but when I use Internet Explorer there is the same problem and it also gives me a message.

The message is the one in the picture below.

If you think that we should not fix this, it's okay. I am ready to do whatever you want me to do. Thanks again!


----------



## Cookiegal (Aug 27, 2003)

Please download *VundoFix.exe* to your desktop.


Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the *Scan for Vundo* button" when VundoFix appears upon rebooting.


----------



## perfect (Mar 11, 2008)

Hi! I downloaded VundoFix but it seems that I have bad luck with my computer these days. A problem occurred, and that is that when I double-clicked VundoFix.exe, an error message came up! The message shows:

C:\Documents and Settings\~#~$hivani~\Desktop\VundoFix.exe is not a valid Win32 application.

I am terribly sorry for giving you all these error messages. Thank You for replying!


----------



## Cookiegal (Aug 27, 2003)

It's likely the infection causing the slowdown so we need to address that.

Download *combofix.exe*

Double click *combo-fix.exe* & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Do not post the ComboFix-quarantined-files.txt - unless I ask you to.
If your antivirus software is detecting ComboFix or a part of it as a virus, please choose to ignore it, as antivirus products cannot determine the good/bad use of some software embedded in ComboFix.


----------



## perfect (Mar 11, 2008)

Hey. I did the scan and here is the Log file.

ComboFix 08-06-11.7 - ##~~cHiRaG~~## 2008-06-13 15:47:34.2 - NTFSx86
Running from: C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\macromedia\Flash Player\#SharedObjects\7UYJUVKY\www.broadcaster.com
C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\{30612~1
C:\Program Files\Common Files\{30612~1\Bar888.dll
C:\Program Files\Common Files\{30612~1\UnInstall.exe
C:\Program Files\Common Files\{B0612~1
C:\Program Files\Common Files\{B0612~2
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\atktxpyq.dll
C:\WINDOWS\system32\axbdiacf.ini
C:\WINDOWS\system32\BddgNXyb.ini
C:\WINDOWS\system32\BddgNXyb.ini2
C:\WINDOWS\system32\byXNgddB.dll
C:\WINDOWS\system32\cfwgwfts.ini
C:\WINDOWS\system32\dbcypvwk.dll
C:\WINDOWS\system32\ddcBUoPi.dll
C:\WINDOWS\system32\egadvtor.dll
C:\WINDOWS\system32\fdmhjxcx.ini
C:\WINDOWS\system32\ftdmboye.ini
C:\WINDOWS\system32\gqwfqjor.dll
C:\WINDOWS\system32\gxlcdmqy.ini
C:\WINDOWS\system32\iPoUBcdd.ini
C:\WINDOWS\system32\iPoUBcdd.ini2
C:\WINDOWS\system32\ktnwujlu.dll
C:\WINDOWS\system32\ldcyqkhv.ini
C:\WINDOWS\system32\lfgafbio.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ognftstt.dll
C:\WINDOWS\system32\ojllambg.ini
C:\WINDOWS\system32\olmbqqux.ini
C:\WINDOWS\system32\rqRIbcAp.dll
C:\WINDOWS\system32\rqxwxbig.ini
C:\WINDOWS\system32\sfmaanpw.dll
C:\WINDOWS\system32\ssqoOIYq.dll
C:\WINDOWS\system32\stfwgwfc.dll
C:\WINDOWS\system32\uljuwntk.ini
C:\WINDOWS\system32\vbqojlsf.dll
C:\WINDOWS\system32\wswmeinj.ini
C:\WINDOWS\system32\xcxjhmdf.dll
C:\WINDOWS\system32\yhglkpme.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.

2008-06-10 20:18 . 2008-06-10 20:18 d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-10 20:18 . 2008-06-10 20:20 d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 12:08 . 2008-06-08 01:22 d--------	C:\Program Files\Unlocker
2008-06-07 08:33 . 2008-06-12 16:26	48	--a------	C:\WINDOWS\BMb352180f.xml
2008-06-06 08:17 . 2008-06-06 08:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Media Player Classic
2008-06-06 08:13 . 2008-06-06 08:13	21,669	--a------	C:\2.exe
2008-06-06 07:36 . 2008-06-06 17:09 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\uTorrent
2008-06-06 00:27 . 2008-06-06 00:27 d--------	C:\Program Files\OJOsoft
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Publish Providers
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NetMedia Providers
2008-05-26 17:59 . 2008-05-26 18:12 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony
2008-05-26 17:58 . 2008-05-26 17:58 d--------	C:\Documents and Settings\All Users\Application Data\Sony
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Vstplugins
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Sony
2008-05-22 17:16 . 2008-05-22 17:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony Setup
2008-05-22 17:15 . 2008-05-22 17:15 d--------	C:\Program Files\Sony Setup
2008-05-22 15:39 . 2008-06-02 17:08 d--------	C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-05-22 15:36 . 2008-05-22 15:36 d--------	C:\Program Files\Common Files\DirectX
2008-05-22 15:27 . 2008-05-22 15:27 d--------	C:\Program Files\EA GAMES
2008-05-19 20:02 . 2008-05-19 20:02 d--------	C:\Program Files\MagicDVDRipper
2008-05-17 16:13 . 2008-05-17 16:16	5,384	--a------	C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-17 14:04 . 2008-05-17 14:04 d--------	C:\WINDOWS\system32\scripting
2008-05-17 14:04 . 2008-05-17 14:04 d--------	C:\WINDOWS\system32\bits
2008-05-17 14:04 . 2008-05-17 14:04 d--------	C:\WINDOWS\l2schemas
2008-05-17 13:59 . 2008-05-17 14:05 d--------	C:\WINDOWS\ServicePackFiles
2008-05-17 13:47 . 2008-05-17 13:47 d--------	C:\WINDOWS\EHome
2008-05-17 13:14 . 2008-04-13 20:12	4,274,816	--a------	C:\WINDOWS\system32\nv4_disp.dll
2008-05-17 13:13 . 2008-04-13 20:11	1,888,992	--a------	C:\WINDOWS\system32\ati3duag.dll
2008-05-17 13:12 . 2008-04-13 20:11	136,192	--a------	C:\WINDOWS\system32\aaclient.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-13 19:57	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-10 13:54	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Image Zone Express
2008-06-07 12:44	---------	d-----w	C:\Program Files\NCH Software
2008-06-07 12:43	---------	d-----w	C:\Program Files\LimeWire
2008-06-07 12:32	---------	d-----w	C:\Program Files\Incomplete
2008-06-06 11:36	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\LimeWire
2008-05-22 00:18	---------	d-----w	C:\Program Files\NCH Swift Sound
2008-05-22 00:18	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NCH Swift Sound
2008-05-19 22:47	284	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\ViewerApp.dat
2008-05-17 20:16	71,534	----a-w	C:\WINDOWS\BricoPackUninst.cmd
2008-05-15 00:04	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 15:32	---------	d-----w	C:\Program Files\Common Files\element5 Shared
2008-05-10 15:31	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 15:28	87,608	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\inst.exe
2008-05-10 15:28	47,360	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\pcouffin.sys
2008-05-10 15:28	---------	d-----w	C:\Program Files\VSO
2008-05-10 15:28	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Vso
2008-05-02 19:40	---------	d-----w	C:\Program Files\Safari
2008-05-02 19:30	---------	d-----w	C:\Program Files\Apple Software Update
2008-05-01 23:05	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\SUPERAntiSpyware.com
2008-05-01 23:04	---------	d-----w	C:\Program Files\SUPERAntiSpyware
2008-05-01 23:04	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 21:21	---------	d-----w	C:\Program Files\Java
2008-05-01 21:17	---------	d-----w	C:\Program Files\Common Files\Java
2008-04-29 04:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 03:51	---------	d-----w	C:\Program Files\Setup
2008-04-29 03:51	---------	d-----w	C:\Program Files\altpayV2
2008-04-28 23:30	---------	d-----w	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Malwarebytes
2008-04-25 23:01	---------	d-----w	C:\Program Files\Trend Micro
2008-04-23 22:25	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-23 03:47	---------	d-----w	C:\Program Files\DivX
2008-04-19 17:36	---------	d-----w	C:\Program Files\Cucusoft
2008-04-19 16:11	---------	d-----w	C:\Documents and Settings\~#~$hivani~#~\Application Data\extra cool
2008-04-14 00:13	40,840	----a-w	C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13	21,896	----a-w	C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13	139,656	----a-w	C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13	12,040	----a-w	C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12	975,872	----a-w	C:\WINDOWS\explorer.exe
2008-04-14 00:12	50,688	----a-w	C:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	------w	C:\WINDOWS\slrundll.exe
2008-04-14 00:12	3,901	----a-w	C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12	283,648	----a-w	C:\WINDOWS\winhlp32.exe
2008-04-14 00:12	224,256	----a-w	C:\WINDOWS\regedit.exe
2008-04-14 00:12	155,136	----a-w	C:\WINDOWS\notepad.exe
2008-04-14 00:12	11,325	----a-w	C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12	10,752	----a-w	C:\WINDOWS\hh.exe
2008-04-13 19:28	175,744	----a-w	C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:21	162,816	----a-w	C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20	91,520	----a-w	C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20	361,344	----a-w	C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20	182,656	----a-w	C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19	75,264	----a-w	C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19	51,328	----a-w	C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19	48,384	----a-w	C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19	146,048	----a-w	C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19	138,112	----a-w	C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18	52,480	----a-w	C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17	83,072	----a-w	C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17	456,576	----a-w	C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17	105,344	----a-w	C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16	49,536	----a-w	C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16	141,056	----a-w	C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15	64,512	----a-w	C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15	60,800	----a-w	C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15	574,976	----a-w	C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15	334,848	----a-w	C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14	63,744	----a-w	C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14	143,744	----a-w	C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00	30,080	----a-w	C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00	225,664	----a-w	C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00	19,072	----a-w	C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57	41,472	----a-w	C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57	40,576	----a-w	C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57	34,560	----a-w	C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57	20,864	----a-w	C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57	152,832	----a-w	C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57	14,336	----a-w	C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57	10,112	----a-w	C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56	88,320	----a-w	C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56	69,120	----a-w	C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56	35,072	----a-w	C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56	34,688	----a-w	C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56	30,592	----a-w	C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56	30,592	----a-w	C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56	12,800	----a-w	C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56	12,800	----a-w	C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56	12,288	----a-w	C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55	202,624	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55	14,592	----a-w	C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54	11,264	----a-w	C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53	71,552	----a-w	C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53	40,320	----a-w	C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53	36,608	----a-w	C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53	264,832	----a-w	C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51	61,824	----a-w	C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51	60,800	----a-w	C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51	59,904	----a-w	C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51	55,808	----a-w	C:\WINDOWS\system32\drivers\atmlane.sys
2007-09-24 20:52	1,296,147	--sh--w	C:\WINDOWS\iilklm.ini2
2007-08-14 15:50	88	--sh--r	C:\WINDOWS\system32\3A9D5F4952.sys
2007-08-14 15:50	2,516	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 253,952 2004-10-15 04:54:32 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

----a-w 50,688 2003-06-07 11:32:32 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

----a-w 180,269 2005-02-17 07:25:49 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 185,632 2007-11-11 00:10:42 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w  262,210 2004-05-05 08:54:34 C:\Program Files\epson\Ink Monitor\bak\InkMonitor.exe

----a-w 171,448 2007-02-06 20:28:17 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

----a-w 49,152 2004-06-08 01:53:26 C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe

----a-w 278,528 2006-06-14 21:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 14:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 49,263 2006-07-26 08:03:14 C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe

----a-w 190,024 2006-06-11 17:49:16 C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe

----a-w 473,928 2005-11-15 18:12:14 C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe

----a-w 98,304 2005-02-17 07:33:06 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 03:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 4,662,776 2006-12-01 02:49:04 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 663,552 2004-12-14 09:23:44 C:\WINDOWS\CREATOR\bak\Remind_XP.exe

----a-w 233,472 2004-04-15 03:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-04 18:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 C:\WINDOWS\system32\ctfmon.exe

----a-w 126,976 2004-11-02 22:59:42 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 659,456 2004-06-08 01:42:30 C:\WINDOWS\system32\bak\hphmon06.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 13:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 20:12 55808 C:\WINDOWS\system32\narrator.exe]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [ ]

C:\Documents and Settings\~#~$hivani~#~\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\(d) Foru\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 17:32:57 147456]

C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKLM\~\startupfolder\C:^Documents and Settings^##~~cHiRaG~~##.YOUR-4F1261A8E5^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-10-14 02:00 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-10-14 02:17 2742272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b0612b93]
C:\WINDOWS\system32\xcxjhmdf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb352180f]
C:\WINDOWS\system32\acvjlejr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-14 00:01 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-10 20:10 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 13:48 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51095:TCP"= 51095:TCP:PORT_51095
"65261:TCP"= 65261:TCP:PORT_65261
"13637:TCP"= 13637:TCP:PORT_13637
"67:UDP"= 67:UDP:DHCP Discovery Service

R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 21:57:33 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 00:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - ~~~~~SHIVANI~~~~~.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-13 15:58:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-06-13 16:27:42 - machine was rebooted [##~~cHiRaG~~##]
ComboFix-quarantined-files.txt 2008-06-13 20:27:24

Pre-Run: 116,424,052,736 bytes free
Post-Run: 116,319,014,912 bytes free

418	--- E O F ---	2008-05-28 00:11:44

One other thing I wanted to ask, other than what do I do next, is that I think the scan affected my default internet browser. I use Firefox and I like it, but then after the scan Internet Explorer became my default browser. I changed that and made Firefox my default, but the problem is that all my bookmarks are lost. There aren't any bookmarks there now and they were quite important for me. Is there a way to get them back? It is okay if you can't get it back. Thank you!


----------



## perfect (Mar 11, 2008)

And this is the Hijack This log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:11 PM, on 6/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11674 bytes


----------



## Cookiegal (Aug 27, 2003)

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\BMb352180f.xml
C:\2.exe
C:\WINDOWS\iilklm.ini2

DirLook::
C:\Program Files\Setup

Folder::
C:\Program Files\altpayV2

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b0612b93]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb352180f]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.

If after doing the above, your Firefox bookmarks are still missing, look in the following folder and open it (RANDOM is your profile name which is a combination of numbers and digits):

C:\Documents and Settings\Username\Application Data\Mozilla\Firefox\Profiles\*RANDOM.default*

and see if you have this file:

*bookmarks.bak*

Also, do you have a folder called *bookmarkbackups* there?


----------



## perfect (Mar 11, 2008)

Hey! I did what you told me to do and this is the ComboFix log file:

ComboFix 08-06-11.7 - ##~~cHiRaG~~## 2008-06-14 15:08:13.3 - NTFSx86
Running from: C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\##~cHiRaG~##.YOUR-4F1261A8E5\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.

2008-06-13 21:18 . 2008-06-13 21:18 d--------	C:\WINDOWS\LastGood
2008-06-10 20:18 . 2008-06-10 20:18 d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-10 20:18 . 2008-06-10 20:20 d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 12:08 . 2008-06-08 01:22 d--------	C:\Program Files\Unlocker
2008-06-07 08:33 . 2008-06-12 16:26	48	--a------	C:\WINDOWS\BMb352180f.xml
2008-06-06 08:17 . 2008-06-06 08:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Media Player Classic
2008-06-06 08:13 . 2008-06-06 08:13	21,669	--a------	C:\2.exe
2008-06-06 07:36 . 2008-06-06 17:09 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\uTorrent
2008-06-06 00:27 . 2008-06-06 00:27 d--------	C:\Program Files\OJOsoft
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Publish Providers
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NetMedia Providers
2008-05-26 17:59 . 2008-05-26 18:12 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony
2008-05-26 17:58 . 2008-05-26 17:58 d--------	C:\Documents and Settings\All Users\Application Data\Sony
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Vstplugins
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Sony
2008-05-22 17:16 . 2008-05-22 17:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony Setup
2008-05-22 17:15 . 2008-05-22 17:15 d--------	C:\Program Files\Sony Setup
2008-05-22 15:39 . 2008-06-02 17:08 d--------	C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-05-22 15:36 . 2008-05-22 15:36 d--------	C:\Program Files\Common Files\DirectX
2008-05-22 15:27 . 2008-05-22 15:27 d--------	C:\Program Files\EA GAMES
2008-05-19 20:02 . 2008-05-19 20:02 d--------	C:\Program Files\MagicDVDRipper
2008-05-17 16:13 . 2008-05-17 16:16	5,384	--a------	C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-17 14:04 . 2008-05-17 14:04 d--------	C:\WINDOWS\system32\scripting
2008-05-17 14:04 . 2008-05-17 14:04 d--------	C:\WINDOWS\system32\bits
2008-05-17 14:04 . 2008-05-17 14:04 d--------	C:\WINDOWS\l2schemas
2008-05-17 13:59 . 2008-05-17 14:05 d--------	C:\WINDOWS\ServicePackFiles
2008-05-17 13:47 . 2008-05-17 13:47 d--------	C:\WINDOWS\EHome
2008-05-17 13:14 . 2008-04-13 20:12	4,274,816	--a------	C:\WINDOWS\system32\nv4_disp.dll
2008-05-17 13:13 . 2008-04-13 20:11	1,888,992	--a------	C:\WINDOWS\system32\ati3duag.dll
2008-05-17 13:12 . 2008-04-13 20:11	136,192	--a------	C:\WINDOWS\system32\aaclient.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 19:18	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-14 16:44	---------	d-----w	C:\Program Files\Incomplete
2008-06-14 16:34	---------	d-----w	C:\Program Files\LimeWire
2008-06-14 16:27	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\LimeWire
2008-06-10 13:54	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Image Zone Express
2008-06-07 12:44	---------	d-----w	C:\Program Files\NCH Software
2008-05-22 00:18	---------	d-----w	C:\Program Files\NCH Swift Sound
2008-05-22 00:18	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NCH Swift Sound
2008-05-19 22:47	284	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\ViewerApp.dat
2008-05-17 20:16	71,534	----a-w	C:\WINDOWS\BricoPackUninst.cmd
2008-05-15 00:04	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 15:32	---------	d-----w	C:\Program Files\Common Files\element5 Shared
2008-05-10 15:31	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 15:28	87,608	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\inst.exe
2008-05-10 15:28	47,360	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\pcouffin.sys
2008-05-10 15:28	---------	d-----w	C:\Program Files\VSO
2008-05-10 15:28	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Vso
2008-05-02 19:40	---------	d-----w	C:\Program Files\Safari
2008-05-02 19:30	---------	d-----w	C:\Program Files\Apple Software Update
2008-05-01 23:05	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\SUPERAntiSpyware.com
2008-05-01 23:04	---------	d-----w	C:\Program Files\SUPERAntiSpyware
2008-05-01 23:04	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 21:21	---------	d-----w	C:\Program Files\Java
2008-05-01 21:17	---------	d-----w	C:\Program Files\Common Files\Java
2008-04-29 04:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-29 03:51	---------	d-----w	C:\Program Files\Setup
2008-04-29 03:51	---------	d-----w	C:\Program Files\altpayV2
2008-04-28 23:30	---------	d-----w	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Malwarebytes
2008-04-25 23:01	---------	d-----w	C:\Program Files\Trend Micro
2008-04-23 22:25	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-23 03:47	---------	d-----w	C:\Program Files\DivX
2008-04-19 17:36	---------	d-----w	C:\Program Files\Cucusoft
2008-04-19 16:11	---------	d-----w	C:\Documents and Settings\~#~$hivani~#~\Application Data\extra cool
2008-04-14 00:13	40,840	----a-w	C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13	21,896	----a-w	C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13	139,656	----a-w	C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13	12,040	----a-w	C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:12	975,872	----a-w	C:\WINDOWS\explorer.exe
2008-04-14 00:12	50,688	----a-w	C:\WINDOWS\twain_32.dll
2008-04-14 00:12	32,866	------w	C:\WINDOWS\slrundll.exe
2008-04-14 00:12	3,901	----a-w	C:\WINDOWS\system32\drivers\siint5.dll
2008-04-14 00:12	283,648	----a-w	C:\WINDOWS\winhlp32.exe
2008-04-14 00:12	224,256	----a-w	C:\WINDOWS\regedit.exe
2008-04-14 00:12	155,136	----a-w	C:\WINDOWS\notepad.exe
2008-04-14 00:12	11,325	----a-w	C:\WINDOWS\system32\drivers\vchnt5.dll
2008-04-14 00:12	10,752	----a-w	C:\WINDOWS\hh.exe
2008-01-25 04:05	7,816	----a-w	C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2007-12-21 19:51	3,530	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2007-12-02 18:52	81,920	----a-w	C:\Documents and Settings\~#~$hivani~#~\Application Data\ezpinst.exe
2007-12-02 18:52	47,360	----a-w	C:\Documents and Settings\~#~$hivani~#~\Application Data\pcouffin.sys
2007-12-02 16:10	81,920	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\ezpinst.exe
2007-12-01 21:11	87,608	----a-w	C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Application Data\inst.exe
2007-12-01 21:11	47,360	----a-w	C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Application Data\pcouffin.sys
2007-10-25 02:38	8,704	--sha-w	C:\Program Files\Thumbs.db
2007-10-05 15:13	5,376	----a-w	C:\Documents and Settings\~#~$hivani~#~\Application Data\wklnhst.dat
2007-06-08 21:46	560	----a-w	C:\Documents and Settings\~#~$hivani~#~\Application Data\ViewerApp.dat
2007-04-16 00:47	14,274	----a-w	C:\Documents and Settings\(d) Foru\Application Data\wklnhst.dat
2006-11-19 22:24	560	----a-w	C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Application Data\ViewerApp.dat
2006-08-25 19:22	284	----a-w	C:\Documents and Settings\(d) Foru\Application Data\ViewerApp.dat
2006-05-24 15:59	2,912,256	----a-w	C:\Program Files\pi9.sbc
2003-06-07 11:48	58,898	----a-w	C:\Program Files\2T.its
2003-06-07 11:48	3,780,608	----a-r	C:\Program Files\pip.gdb
2003-06-07 11:48	152,376	----a-w	C:\Program Files\2P.its
2003-06-07 11:35	7,680	----a-w	C:\Program Files\pip.exe
2003-06-07 11:35	544,584	----a-w	C:\Program Files\piproj.its
2003-06-07 11:35	336,384	----a-w	C:\Program Files\pi.exe
2003-05-13 00:51	8,704	----a-w	C:\Program Files\workssvc.dll
2003-05-05 22:11	318	----a-w	C:\Program Files\dipunsb.001
2003-05-03 11:51	299,008	----a-w	C:\Program Files\cutout.dll
2003-05-02 04:06	94,208	----a-w	C:\Program Files\firstpg.qtd
2003-05-02 04:06	839,751	----a-w	C:\Program Files\MiniQD6.dll
2003-05-02 04:06	4,112,451	----a-w	C:\Program Files\piservr5.dll
2003-05-02 04:06	20,547	----a-w	C:\Program Files\mixfix.dll
2003-05-02 04:06	162,120	----a-w	C:\Program Files\dw15.exe
2003-05-02 04:06	127,033	----a-w	C:\Program Files\cpiqrtf5.dll
2003-05-02 04:06	11,264	----a-w	C:\Program Files\secondpg.qtd
2003-05-02 04:05	59,378	----a-w	C:\Program Files\startupl.png
2003-05-02 04:05	404	----a-w	C:\Program Files\cdlayout.dat
2003-05-02 04:05	275,793	----a-w	C:\Program Files\FlyOuts.png
2003-05-02 03:55	13,361	----a-w	C:\Program Files\pipcust.DIC
2003-05-02 03:52	593,920	----a-w	C:\Program Files\Homepub.ibd
2007-09-24 20:52	1,296,147	--sh--w	C:\WINDOWS\iilklm.ini2
2007-08-14 15:50	88	--sh--r	C:\WINDOWS\system32\3A9D5F4952.sys
2007-08-14 15:50	2,516	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((( [email protected]_16.15.43.01 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 253,952 2004-10-15 04:54:32 C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe

----a-w 50,688 2003-06-07 11:32:32 C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe

----a-w 180,269 2005-02-17 07:25:49 C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
----a-w 185,632 2007-11-11 00:10:42 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

----a-w 262,210 2004-05-05 08:54:34 C:\Program Files\epson\Ink Monitor\bak\InkMonitor.exe

----a-w 171,448 2007-02-06 20:28:17 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

----a-w 49,152 2004-06-08 01:53:26 C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe

----a-w 278,528 2006-06-14 21:24:14 C:\Program Files\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-03-30 14:36:40 C:\Program Files\iTunes\iTunesHelper.exe

----a-w 49,263 2006-07-26 08:03:14 C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe

----a-w 190,024 2006-06-11 17:49:16 C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe

----a-w 473,928 2005-11-15 18:12:14 C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe

----a-w 98,304 2005-02-17 07:33:06 C:\Program Files\QuickTime\bak\qttask.exe
----a-w 413,696 2008-03-29 03:37:20 C:\Program Files\QuickTime\QTTask.exe

----a-w 4,662,776 2006-12-01 02:49:04 C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE

----a-w 663,552 2004-12-14 09:23:44 C:\WINDOWS\CREATOR\bak\Remind_XP.exe

----a-w 233,472 2004-04-15 03:43:46 C:\WINDOWS\SMINST\bak\RECGUARD.EXE

----a-w 52,736 1998-05-07 23:04:38 C:\WINDOWS\system\bak\hpsysdrv.exe

----a-w 15,360 2004-08-04 18:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 C:\WINDOWS\system32\ctfmon.exe

----a-w 126,976 2004-11-02 22:59:42 C:\WINDOWS\system32\bak\hkcmd.exe

----a-w 659,456 2004-06-08 01:42:30 C:\WINDOWS\system32\bak\hphmon06.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [ ]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 13:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 20:12 55808 C:\WINDOWS\system32\narrator.exe]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [ ]

C:\Documents and Settings\~#~$hivani~#~\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\(d) Foru\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 17:32:57 147456]

C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKLM\~\startupfolder\C:^Documents and Settings^##~~cHiRaG~~##.YOUR-4F1261A8E5^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-10-14 02:00 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-10-14 02:17 2742272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b0612b93]
C:\WINDOWS\system32\xcxjhmdf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb352180f]
C:\WINDOWS\system32\acvjlejr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-14 00:01 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-10 20:10 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 13:48 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51095:TCP"= 51095:TCPORT_51095
"65261:TCP"= 65261:TCPORT_65261
"13637:TCP"= 13637:TCPORT_13637
"67:UDP"= 67:UDPHCP Discovery Service

R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 21:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-10 00:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - ~~~~~SHIVANI~~~~~.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 15:18:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-06-14 15:33:25
ComboFix-quarantined-files.txt 2008-06-14 19:33:14
ComboFix2.txt 2008-06-13 20:27:44

Pre-Run: 116,283,011,072 bytes free
Post-Run: 116,270,268,416 bytes free

336	--- E O F ---	2008-05-28 00:11:44


----------



## perfect (Mar 11, 2008)

This is the HijackThis file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:40 PM, on 6/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\progra~1\mozill~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11573 bytes

Okay, I did what you told me to do and I checked to see if I got the bookmarks back but I did not, so I went to the folder to check if I have the bookmarks.bak file and the answer is that yes I do have that file.
I also have a *bookmarkbackups* folder. I don't know what you want me to do with that file and that folder. What do I do with them?


----------



## Cookiegal (Aug 27, 2003)

Are there any files in the bookmarkbackups folder? They would be called Bookmarks followed by dates and have .html extensions.


Are you sure you copied and pasted the exact script that I gave you for the fix with ComboFix because nothing was removed?


----------



## perfect (Mar 11, 2008)

Hey! Yeah, I pasted exactly the same thing in the script and I guess nothing happened. One thing I would like to say is that I am using Mozilla Firefox and on the script somewhere I read Internet Explorer. I am not sure if the issue is because of this but it may be. I just wanted to point it out, but I am pretty sure you must be aware of that.

As far as the folder is concerned, yes there are like five files with html on it.


----------



## Cookiegal (Aug 27, 2003)

What is your version of Firefox please?


----------



## Cookiegal (Aug 27, 2003)

This should work in all versions of Firefox. Those html files contain backups of your bookmarks.

Click on *Bookmarks* - *Organize Bookmarks* then *File* - *Import* - select *From File* then navigate to the *Backupbookmarks* folder and select the one with the latest date which should be the last backup of your bookmarks.

Let me know how that goes please.


----------



## perfect (Mar 11, 2008)

Firefox version 2.0.0.14. Thank You


----------



## perfect (Mar 11, 2008)

Ohh Yes! I Got Them Back! Thank You Very Much! You Are The Best!


----------



## Cookiegal (Aug 27, 2003)

I'm glad to hear that. 

Please try running the script again with ComboFix but try using IE this time. I don't see anything that should be blocking those changes we are trying to make. At least you know how to get your Firefox bookmarks back if they disappear again.


----------



## perfect (Mar 11, 2008)

Hi! I did what you told me to do and the log file is attached to this message.

I don't know if there is going to be a difference but I did get an error message after the scan was done and it was in the preparing the log file process. The message had something like parameters and then some numbers and letters and it also displayed a message; I am sorry, I forgot to save the window or write the message. I don't think this would be a problem though. The message had the option to try again so I clicked try again the first time but then it came up again so I kept clicking continue until the message went away, which was about 5-7 times.

P.S. I am using Internet Explorer this time!


----------



## perfect (Mar 11, 2008)

OOPS I forgot to post a HijackThis log. Here is the updated one.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:34:35 AM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11704 bytes


----------



## Cookiegal (Aug 27, 2003)

Let's try this again. Be sure to remember to disable your security programs before running the fix.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\BMb352180f.xml
C:\2.exe
C:\WINDOWS\iilklm.ini2

Folder::
C:\Program Files\Setup
C:\Program Files\altpayV2

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\b0612b93]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMb352180f]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=-
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## perfect (Mar 11, 2008)

Hey! This is the log file, attached here to this message.
The HijackThis log is here.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:14:40 PM, on 6/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\pi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11732 bytes

I also attached a picture of the scan which was in the beginning stage of the scanning process. I did this because I think I saw something that wasn't supposed to be there and that is the line which said "The system cannot find the path specified". I am not sure but this might be a problem.
Another thing I wanted to tell you is that the error message I was telling you about earlier in this thread came up again and it said something like this:

Windows - No Disk -

Exception processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Cancel | Try Again | Continue

- I am not sure if this would help but this is what happened and I thought I would share it with you. Thank You!


----------



## Cookiegal (Aug 27, 2003)

I think the problem lies with your user name and ComboFix can't handle the odd characters in it. I'll have to prepare a manual fix for you and that will take a while so I'll be back......


----------



## perfect (Mar 11, 2008)

Okay! Thank You Very Much!


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixperfect.zip file. Save it to your desktop. Unzip it and double-click the Fixperfect.reg file and allow it to enter into the registry.

Please *download* the *OTMoveIt2 by OldTimer*.

*Save* it to your *desktop*.
Please double-click *OTMoveIt2.exe* to run it. (*Note:* If you are running on Vista, right-click on the file and choose *Run As Administrator*).
*Copy the lines in the codebox below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
C:\WINDOWS\BMb352180f.xml
C:\2.exe
C:\WINDOWS\iilklm.ini2
C:\Program Files\Setup
C:\Program Files\altpayV2
```

Return to OTMoveIt2, right click in the *Paste Custom List Of Files/Patterns To Move* window (under the yellow bar) and choose *Paste*.

Click the red *Moveit!* button.
*Copy everything in the Results window (under the green bar) to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTMoveIt2*.
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.* In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post with a new HijackThis log.


----------



## Cookiegal (Aug 27, 2003)

Also, after you've done that we need to address another issue showing in ComboFix.

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups and then restore them.

Download FindAWF.exe from *here* or *here* and save it to your desktop.

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with the following Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
*Select option 1*, then press Enter
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.


----------



## perfect (Mar 11, 2008)

*Hi! This is the result from OTMoveIt2.*

C:\WINDOWS\BMb352180f.xml moved successfully.
C:\2.exe moved successfully.
C:\WINDOWS\iilklm.ini2 moved successfully.
C:\Program Files\Setup moved successfully.
C:\Program Files\altpayV2 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06152008_151816

*And this is the result from FindAWF*

Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Sun 06/15/2008 
The current time is: 15:20:58.95

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\ITUNES\BAK

06/14/2006 05:24 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\MESSEN~2\BAK

06/11/2006 01:49 PM 190,024 MsgPlus.exe
1 File(s) 190,024 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

11/15/2005 02:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/17/2005 03:33 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\CREATOR\BAK

12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 11:43 PM 233,472 RECGUARD.EXE
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 07:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:00 PM 15,360 ctfmon.exe
11/02/2004 06:59 PM 126,976 hkcmd.exe
06/07/2004 09:42 PM 659,456 hphmon06.exe
3 File(s) 801,792 bytes

Directory of C:\HP\DRIVERS\HPLSBW~1\BAK

10/15/2004 12:54 AM 253,952 lsburnwatcher.exe
1 File(s) 253,952 bytes

Directory of C:\PROGRA~1\EPSON\INKMON~1\BAK

05/05/2004 04:54 AM 262,210 InkMonitor.exe
1 File(s) 262,210 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 09:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

11/30/2006 10:49 PM 4,662,776 YAHOOM~1.EXE
1 File(s) 4,662,776 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

06/07/2003 07:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/17/2005 03:25 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

02/06/2007 04:28 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

07/26/2006 04:03 AM 49,263 jusched.exe
1 File(s) 49,263 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 4 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
190024 Jun 11 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
413696 Mar 28 2008 "C:\Program Files\QuickTime\QTTask.exe"
98304 Feb 17 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Apr 13 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
126976 Nov 2 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\hkcmd.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
262210 May 5 2004 "C:\Program Files\epson\Ink Monitor\bak\InkMonitor.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
185632 Nov 10 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Feb 17 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
746600 Apr 7 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
2179896 Nov 9 2006 "C:\Program Files\Intuit\QuickBooks 2007\GoogleDesktopSetup.exe"
1145896 Nov 10 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
171448 Feb 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
144784 Mar 25 2008 "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
49263 Sep 7 2006 "C:\Program Files\Adobe\Adobe Flash CS3\JVM\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"

end of report

*Thank You!*


----------
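The FindAWF report above pairs every file found in a bak folder with same-named files elsewhere on disk. As an added example (not part of the thread and not FindAWF's own code), this Python script parses the "Duplicate files of bak directory contents" lines and classifies each bak copy by comparing it with the file of the same name in its parent folder; the function names and status labels are assumptions, and the sample lines are copied from the reports posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Sample lines copied from the "Duplicate files of bak directory contents"
# section of the FindAWF reports posted in this thread.
SAMPLE_REPORT = r'''
267048 Mar 30 2008 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
190024 Jun 11 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
15360 Apr 13 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
126976 Nov 2 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
4670704 Aug 30 2007 "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
'''

# size, month, day, year, quoted full path
LINE_RE = re.compile(
    r'^(\d+)\s+([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{4})\s+"(.+)"\s*$'
)


def parse_report(text):
    """Return one dict per well-formed report line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size, month, day, year, path = m.groups()
        entries.append({
            "size": int(size),
            "date": (int(year), month, int(day)),
            "path": PureWindowsPath(path),
        })
    return entries


def triage_bak_entries(text):
    """Map each bak-folder file to a status label (labels are assumptions):

    missing      - no same-named file listed in the parent of the bak folder
    size_differs - parent-folder file exists but has a different size
    date_differs - same size, different date
    matches      - same size and date as the bak copy
    """
    entries = parse_report(text)
    # Windows paths are case-insensitive, so index on the lower-cased path.
    by_path = {str(e["path"]).lower(): e for e in entries}
    result = {}
    for e in entries:
        p = e["path"]
        if p.parent.name.lower() != "bak":
            continue
        # The file the bak copy would be restored over sits one level up.
        # A same-named file in some other folder (hkcmd.exe under
        # video_Intel) does not count, and an 8.3 short name such as
        # YAHOOM~1.EXE will not match the long name of its counterpart.
        sibling = by_path.get(str(p.parent.parent / p.name).lower())
        if sibling is None:
            status = "missing"
        elif sibling["size"] != e["size"]:
            status = "size_differs"
        elif sibling["date"] != e["date"]:
            status = "date_differs"
        else:
            status = "matches"
        result[str(p)] = status
    return result


if __name__ == "__main__":
    for path, status in triage_bak_entries(SAMPLE_REPORT).items():
        print(f"{status:13} {path}")
```

The labels are triage only: a differing file in the program folder may be a legitimate newer version, so each pair still needs review before anything is restored or deleted.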



## Cookiegal (Aug 27, 2003)

Go to Control Panel - Add/Remove programs and remove:

*Microsoft AntiSpyware*

This program was replaced by Windows Defender so if you still want to keep it you can download the newer program but please wait until we're finished here.

Copy the file paths below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
"C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
"C:\WINDOWS\system\bak\hpsysdrv.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\WINDOWS\system32\bak\hphmon06.exe"
"C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
"C:\Program Files\epson\Ink Monitor\bak\InkMonitor.exe"
"C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
"C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
"C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
"C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier. exe"
"C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"

*

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 2* from the menu and press Enter.
Press any key to continue.
A Notepad document *FindAWF.txt* will appear with instructions to click below the line and paste the list of files to be restored.
Right click below this line and select *Paste*, to paste the list of files copied to the clipboard earlier. Save and close the document.
The program will proceed to move the legit files and will perform another scan for bak folders.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called *AWF.txt*.
Please copy and paste the contents of the *AWF.txt* file in your next reply.


----------



## perfect (Mar 11, 2008)

Hey! I don't have anything called *Windows Antispyware* in my add or remove programs list. Do you still want me to continue with the other FindAWF thing you told me to do?


----------



## Cookiegal (Aug 27, 2003)

OK then it must just be the leftover program folder so please delete this folder before running the FindAwf fix.

C:\Program Files\*Microsoft AntiSpyware*


----------



## perfect (Mar 11, 2008)

OOPS.. I accidentally did the AWF thing before I deleted the folder "windows Antispyware". What do I do then, do I still delete the folder and then do the AWF thing again?


----------



## Cookiegal (Aug 27, 2003)

No it's fine. You can just post the FindAwf log you have.


----------



## perfect (Mar 11, 2008)

Hey! Okay this is the AWF log

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Mon 06/16/2008 
The current time is: 11:26:54.09

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\ITUNES\BAK

06/14/2006 05:24 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\MESSEN~2\BAK

06/11/2006 01:49 PM 190,024 MsgPlus.exe
1 File(s) 190,024 bytes

Directory of C:\PROGRA~1\MICROS~2\BAK

11/15/2005 02:12 PM 473,928 gcasServ.exe
1 File(s) 473,928 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

02/17/2005 03:33 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\WINDOWS\CREATOR\BAK

12/14/2004 05:23 AM 663,552 Remind_XP.exe
1 File(s) 663,552 bytes

Directory of C:\WINDOWS\SMINST\BAK

04/14/2004 11:43 PM 233,472 RECGUARD.EXE
1 File(s) 233,472 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

05/07/1998 07:04 PM 52,736 hpsysdrv.exe
1 File(s) 52,736 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/04/2004 02:00 PM 15,360 ctfmon.exe
11/02/2004 06:59 PM 126,976 hkcmd.exe
06/07/2004 09:42 PM 659,456 hphmon06.exe
3 File(s) 801,792 bytes

Directory of C:\HP\DRIVERS\HPLSBW~1\BAK

10/15/2004 12:54 AM 253,952 lsburnwatcher.exe
1 File(s) 253,952 bytes

Directory of C:\PROGRA~1\EPSON\INKMON~1\BAK

05/05/2004 04:54 AM 262,210 InkMonitor.exe
1 File(s) 262,210 bytes

Directory of C:\PROGRA~1\HP\{AAC4F~1\BAK

06/07/2004 09:53 PM 49,152 hphupd06.exe
1 File(s) 49,152 bytes

Directory of C:\PROGRA~1\YAHOO!\MESSEN~1\BAK

11/30/2006 10:49 PM 4,662,776 YAHOOM~1.EXE
1 File(s) 4,662,776 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

06/07/2003 07:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

02/17/2005 03:25 AM 180,269 realsched.exe
1 File(s) 180,269 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

02/06/2007 04:28 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

07/26/2006 04:03 AM 49,263 jusched.exe
1 File(s) 49,263 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

278528 Jun 14 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Jun 14 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Apr 4 2008 "C:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe"
75048 Apr 4 2008 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe"
190024 Jun 11 2006 "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
190024 Jun 11 2006 "C:\Program Files\MessengerPlus! 3\bak\MsgPlus.exe"
473928 Nov 15 2005 "C:\Program Files\Microsoft AntiSpyware\bak\gcasServ.exe"
98304 Feb 17 2005 "C:\Program Files\QuickTime\qttask.exe"
98304 Feb 17 2005 "C:\Program Files\QuickTime\bak\qttask.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\Remind_XP.exe"
663552 Dec 14 2004 "C:\WINDOWS\CREATOR\bak\Remind_XP.exe"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\RECGUARD.EXE"
233472 Apr 14 2004 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 Apr 13 2008 "C:\WINDOWS\system32\ctfmon.exe"
15360 Aug 4 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\hkcmd.exe"
126976 Nov 2 2004 "C:\hp\drivers\video_Intel\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\hkcmd.exe"
126976 Nov 2 2004 "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\hkcmd.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\hphmon06.exe"
659456 Jun 7 2004 "C:\WINDOWS\system32\bak\hphmon06.exe"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
253952 Oct 15 2004 "C:\hp\drivers\hplsbwatcher\bak\lsburnwatcher.exe"
262210 May 5 2004 "C:\Program Files\epson\Ink Monitor\InkMonitor.exe"
262210 May 5 2004 "C:\Program Files\epson\Ink Monitor\bak\InkMonitor.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
49152 Jun 7 2004 "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak\hphupd06.exe"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\YAHOOM~1.EXE"
4662776 Nov 30 2006 "C:\Program Files\Yahoo!\Messenger\bak\YAHOOM~1.EXE"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
180269 Feb 17 2005 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
180269 Feb 17 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
746600 Apr 7 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
2179896 Nov 9 2006 "C:\Program Files\Intuit\QuickBooks 2007\GoogleDesktopSetup.exe"
1145896 Nov 10 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
171448 Feb 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
144784 Mar 25 2008 "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
49263 Sep 7 2006 "C:\Program Files\Adobe\Adobe Flash CS3\JVM\bin\jusched.exe"
49263 Jul 26 2006 "C:\Program Files\Java\jre1.5.0_08\bin\bak\jusched.exe"

end of report

*Do I Still delete that folder you told me to delete?*


----------



## Cookiegal (Aug 27, 2003)

Copy the file paths below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\Program Files\iTunes\bak
C:\Program Files\MessengerPlus! 3\bak
C:\Program Files\QuickTime\bak
C:\WINDOWS\CREATOR\bak
C:\WINDOWS\SMINST\bak
C:\WINDOWS\system\bak
C:\WINDOWS\system32\bak
C:\hp\drivers\hplsbwatcher\bak
C:\Program Files\epson\Ink Monitor\bak 
C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\bak 
C:\Program Files\Yahoo!\Messenger\bak 
C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak 
C:\Program Files\Common Files\Real\Update_OB\bak 
C:\Program Files\Java\jre1.5.0_08\bin\bak
*


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 3* from the menu and press Enter.
Press any key to continue. 
A Notepad document *FindAWF.txt* will appear with instructions to click below the line and paste the list of folders to be removed.
Right click below this line and select *Paste*, to paste the list of folders copied to the clipboard earlier. Save and close the document.
The program will proceed to remove the bak folders and will perform another scan for bak folders.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.


----------



## perfect (Mar 11, 2008)

Hey! I deleted *Microsoft Antispyware*. I also did the FindAWF scan and this is the log.

Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Mon 06/16/2008 
The current time is: 17:16:28.14

bak folders found
~~~~~~~~~~~

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

02/06/2007 04:28 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

746600 Apr 7 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
2179896 Nov 9 2006 "C:\Program Files\Intuit\QuickBooks 2007\GoogleDesktopSetup.exe"
1145896 Nov 10 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
171448 Feb 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"

end of report


----------



## Cookiegal (Aug 27, 2003)

I knew we would have this straggler as it didn't get fixed in the first run so let's give this another try please.

Copy the file paths below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*"C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier. exe"
*

Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 2* from the menu and press Enter.
Press any key to continue.
A Notepad document *FindAWF.txt* will appear with instructions to click below the line and paste the list of files to be restored.
Right click below this line and select *Paste*, to paste the list of files copied to the clipboard earlier. Save and close the document.
The program will proceed to move the legit files and will perform another scan for bak folders.
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called *AWF.txt*.
Please copy and paste the contents of the *AWF.txt* file in your next reply.


----------



## perfect (Mar 11, 2008)

Hey! This is the log from FindAWF.

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Tue 06/17/2008 
The current time is: 16:13:00.95


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK

02/06/2007 04:28 PM 171,448 GoogleToolbarNotifier.exe
1 File(s) 171,448 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

746600 Apr 7 2006 "C:\Program Files\Google\Google Desktop Search\GoogleDesktopSearchSetup.exe"
2179896 Nov 9 2006 "C:\Program Files\Intuit\QuickBooks 2007\GoogleDesktopSetup.exe"
1145896 Nov 10 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
171448 Feb 6 2007 "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"


end of report


----------



## Cookiegal (Aug 27, 2003)

For some reason, it's not working so I'm going to have to give you an assignment......should you choose to accept it. I assure you it's not Mission Impossible. 


Navigate to this file in this exact location (it has to be in that bak folder):

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier. exe

First thing I need to know is if it actually does have a space between the file name and .exe or not because sometimes spaces are inserted by the board software but there is also malware that does that as well. Can you tell me that please?


----------



## perfect (Mar 11, 2008)

Hey! Completed the mission.

There is no space between the file name and .exe
This is exactly how the file is named: 
*GoogleToolbarNotifier.exe*


----------



## Cookiegal (Aug 27, 2003)

Actually, that was only part 1 of the assignment. Can't let you get off that easily. 

Navigate to the same file (the one in the bak folder) again:

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\*GoogleToolbarNotifier.exe*

Right-click the *GoogleToolbarNotifier.exe* file and select "copy" and then navigate to the following folder:

C:\Program Files\Google\GoogleToolbarNotifier\*1.2.1128.5462*

Open the *1.2.1128.5462* folder and then right-click and select "paste". This will paste a copy of that file in its proper location.

So after doing the above, you should now have a copy of that same file in both of these locations (one within the bak folder and one not). Can you confirm back to me that this is so please?

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe


----------



## perfect (Mar 11, 2008)

Hey! Yes, completed Part 2 of the mission.
Now I have two *GoogleToolbarNotifier.exe*. One in the *bak* folder and the other one in the *1.2.1128.5462* folder.


----------



## Cookiegal (Aug 27, 2003)

That's good. :up:

Now please delete this bak folder entirely and you will be left with just the other:

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\*bak*

This is the final step for this particular infection:


Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
*Select option 4* from the menu and press Enter.
Press any key to continue. 
You will receive a warning to reset domain zones
Press 1 then press Enter.
If you have manually included sites in the trusted zones, these will need to be re-inserted.

I'm also attaching a *ResetProtocolDefaults.zip* file to this post. Save it to your desktop as well. Double-click the *ResetProtocolDefaults.reg* file and allow it to enter into the registry.


----------



## perfect (Mar 11, 2008)

Hey! I deleted that folder. 

I also did "the final step", but after I pressed 1 it said that it has reset the domain zones or something like that. I believe it is supposed to do that? And it said 1 to return to main menu and E to exit. I typed E and exited. Hope I didn't do the wrong thing.

I also did the "allowing it to enter into the registry" thing. 

What do I do now?


----------



## Cookiegal (Aug 27, 2003)

Please run a new scan with ComboFix and post that log together with a new HijackThis log.


----------



## perfect (Mar 11, 2008)

Hey! This is my ComboFix Log

ComboFix 08-06-11.7 - ##~~cHiRaG~~## 2008-06-18 14:09:56.6 - NTFSx86
Running from: C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\inst.exe
C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-05-18 to 2008-06-18 )))))))))))))))))))))))))))))))
.

2008-06-16 11:26 . 2004-06-07 21:42	659,456	--a------	C:\WINDOWS\system32\hphmon06.exe
2008-06-16 11:26 . 2004-11-02 18:59	126,976	--a------	C:\WINDOWS\system32\hkcmd.exe
2008-06-16 11:26 . 1998-05-07 19:04	52,736	--a------	C:\WINDOWS\system\hpsysdrv.exe
2008-06-13 21:17 . 2008-05-08 10:02	203,136	---------	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-13 21:16 . 2008-04-14 08:30	272,128	---------	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:18 . 2008-06-10 20:18 d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-10 20:18 . 2008-06-10 20:20 d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 12:08 . 2008-06-08 01:22 d--------	C:\Program Files\Unlocker
2008-06-06 08:17 . 2008-06-06 08:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Media Player Classic
2008-06-06 07:36 . 2008-06-06 17:09 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\uTorrent
2008-06-06 00:27 . 2008-06-06 00:27 d--------	C:\Program Files\OJOsoft
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Publish Providers
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NetMedia Providers
2008-05-26 17:59 . 2008-05-26 18:12 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony
2008-05-26 17:58 . 2008-05-26 17:58 d--------	C:\Documents and Settings\All Users\Application Data\Sony
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Vstplugins
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Sony
2008-05-22 17:16 . 2008-05-22 17:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony Setup
2008-05-22 17:15 . 2008-05-22 17:15 d--------	C:\Program Files\Sony Setup
2008-05-22 15:39 . 2008-06-02 17:08 d--------	C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-05-22 15:36 . 2008-05-22 15:36 d--------	C:\Program Files\Common Files\DirectX
2008-05-22 15:27 . 2008-05-22 15:27 d--------	C:\Program Files\EA GAMES
2008-05-19 20:02 . 2008-05-19 20:02 d--------	C:\Program Files\MagicDVDRipper

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-18 18:09	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-18 02:50	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Image Zone Express
2008-06-18 01:48	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\LimeWire
2008-06-18 01:34	---------	d-----w	C:\Program Files\LimeWire
2008-06-18 01:34	---------	d-----w	C:\Program Files\Incomplete
2008-06-16 21:16	---------	d-----w	C:\Program Files\QuickTime
2008-06-16 21:16	---------	d-----w	C:\Program Files\MessengerPlus! 3
2008-06-16 21:16	---------	d-----w	C:\Program Files\iTunes
2008-06-07 12:44	---------	d-----w	C:\Program Files\NCH Software
2008-05-22 00:18	---------	d-----w	C:\Program Files\NCH Swift Sound
2008-05-22 00:18	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NCH Swift Sound
2008-05-19 22:47	284	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\ViewerApp.dat
2008-05-17 20:16	71,534	----a-w	C:\WINDOWS\BricoPackUninst.cmd
2008-05-17 20:16	5,384	----a-w	C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-17 20:16	218,624	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-05-15 00:04	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 15:32	---------	d-----w	C:\Program Files\Common Files\element5 Shared
2008-05-10 15:31	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 15:28	47,360	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\pcouffin.sys
2008-05-10 15:28	---------	d-----w	C:\Program Files\VSO
2008-05-10 15:28	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Vso
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12	1,288,192	----a-w	C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12	1,288,192	------w	C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 19:40	---------	d-----w	C:\Program Files\Safari
2008-05-02 19:30	---------	d-----w	C:\Program Files\Apple Software Update
2008-05-01 23:05	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\SUPERAntiSpyware.com
2008-05-01 23:04	---------	d-----w	C:\Program Files\SUPERAntiSpyware
2008-05-01 23:04	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 21:21	---------	d-----w	C:\Program Files\Java
2008-05-01 21:17	---------	d-----w	C:\Program Files\Common Files\Java
2008-04-29 04:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-28 23:30	---------	d-----w	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Malwarebytes
2008-04-25 23:01	---------	d-----w	C:\Program Files\Trend Micro
2008-04-25 10:00	719,872	----a-w	C:\WINDOWS\system32\devil.dll
2008-04-25 10:00	349,184	----a-w	C:\WINDOWS\system32\avisynth.dll
2008-04-24 02:16	3,591,680	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 22:25	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-23 03:47	---------	d-----w	C:\Program Files\DivX
2008-04-22 07:40	625,664	----a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39	70,656	----a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39	13,824	----a-w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07	161,792	----a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-19 17:36	---------	d-----w	C:\Program Files\Cucusoft
2008-04-19 16:11	---------	d-----w	C:\Documents and Settings\~#~$hivani~#~\Application Data\extra cool
2008-04-14 09:42	985,088	----a-w	C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42	11,264	----a-w	C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41	423,936	----a-w	C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25	1,804	----a-w	C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16	329,728	----a-w	C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13	92,424	----a-w	C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13	87,176	----a-w	C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13	12,168	----a-w	C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11	98,304	----a-w	C:\WINDOWS\system32\actxprxy.dll
2008-04-14 00:10	53,279	----a-w	C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10	4,126	----a-w	C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10	4,126	----a-w	C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10	3,584	----a-w	C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00	103,424	----a-w	C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30	1,845,632	----a-w	C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27	2,188,928	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44	17,664	----a-w	C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35	24,064	----a-w	C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31	7,424	----a-w	C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31	2,065,792	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30	61,440	----a-w	C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14	76,800	----a-w	C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39	438,784	----a-w	C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39	3,288,064	----a-w	C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39	187,392	----a-w	C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37	208,384	----a-w	C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37	138,752	----a-w	C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27	79,872	----a-w	C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27	79,872	----a-w	C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26	94,208	----a-w	C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24	20,480	----a-w	C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21	733,696	----a-w	C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03	666,112	----a-w	C:\WINDOWS\system32\shdoclc.dll
2008-04-13 17:03	63,488	----a-w	C:\WINDOWS\system32\browselc.dll
2008-04-13 16:48	1,647,616	----a-w	C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45	379,904	----a-w	C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23	48,128	----a-w	C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22	48,128	----a-w	C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll
2008-03-31 21:25	831,488	----a-w	C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25	682,496	----a-w	C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25	161,096	----a-w	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30	524,288	----a-w	C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30	3,596,288	----a-w	C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30	200,704	----a-w	C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30	1,044,480	----a-w	C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
2007-08-14 15:50	88	--sh--r	C:\WINDOWS\system32\3A9D5F4952.sys
2007-08-14 15:50	2,516	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 975872 561a50497324f378e30f55d09b4e1258	C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6	C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 14:00 1032192 a0732187050030ae399b241436565e64	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 975872 561a50497324f378e30f55d09b4e1258	C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-14_20.32.32.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 00:10:08	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-18 12:35:40	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2004-12-14 09:23:44	663,552	----a-w	C:\WINDOWS\CREATOR\Remind_XP.exe
+ 2004-04-15 03:43:46	233,472	----a-w	C:\WINDOWS\SMINST\RECGUARD.EXE
- 2008-05-17 18:25:09	1,696,032	----a-w	C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-16 12:31:59	1,695,336	----a-w	C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 18:59 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 00:54 253952]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 13:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 20:12 55808 C:\WINDOWS\system32\narrator.exe]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [ ]

C:\Documents and Settings\~#~$hivani~#~\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\(d) Foru\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 14:52:50 147456]

C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKLM\~\startupfolder\C:^Documents and Settings^##~~cHiRaG~~##.YOUR-4F1261A8E5^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-10-14 02:00 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-10-14 02:17 2742272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 21:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--a------ 2004-05-05 04:54 262210 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 07:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-02-17 03:33 98304 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 05:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-14 00:01 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-06 16:28 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-02-17 03:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 13:48 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51095:TCP"= 51095:TCPORT_51095
"65261:TCP"= 65261:TCPORT_65261
"13637:TCP"= 13637:TCPORT_13637
"67:UDP"= 67:UDPHCP Discovery Service

R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 21:52:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 00:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - ~~~~~SHIVANI~~~~~.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-18 14:17:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-18 14:24:03
ComboFix-quarantined-files.txt 2008-06-18 18:23:57
ComboFix2.txt 2008-06-15 16:09:22
ComboFix3.txt 2008-06-15 00:37:36
ComboFix4.txt 2008-06-14 19:33:26
ComboFix5.txt 2008-06-13 20:27:44

Pre-Run: 116,340,822,016 bytes free
Post-Run: 116,352,167,936 bytes free

291	--- E O F ---	2008-06-15 00:04:39


----------



## perfect (Mar 11, 2008)

This is the HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:30 PM, on 6/18/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\progra~1\mozill~1\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11544 bytes


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I never received notification of your reply and I won't be able to check your logs until tomorrow morning. I just wanted to let you know that.


----------



## perfect (Mar 11, 2008)

ohh.. that's okay


----------



## Cookiegal (Aug 27, 2003)

Let's try this once again:

Open Notepad and copy and paste the text in the code box below into it:


```
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=-
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.
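
A triage pass over the "Reg Loading Points" section of a ComboFix log like the ones posted in this thread, as an added example that is not part of any post and not ComboFix's own code. It flags the settings a reviewer looks at first: firewall state, Security Center monitoring, firewall exceptions and autostart entries. The finding names and the user-profile path heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Excerpt of the "Reg Loading Points" section, copied from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51095:TCP"= 51095:TCPORT_51095
"67:UDP"= 67:UDPHCP Discovery Service
'''

SECTION_RE = re.compile(r'^\[(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=\s*(?P<data>.*)$')
# Assumption of this example: a firewall exception pointing into a user profile
# deserves a second look, because those folders are writable without admin rights.
USER_WRITABLE_RE = re.compile(r'\\(documents and settings|application data|temp)\\', re.I)


def parse_sections(log_text):
    """Return {registry key (lower-cased): [(value name, raw data), ...]}."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group('key').lower(), [])
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current.append((m.group('name'), m.group('data').strip()))
    return sections


def triage(sections):
    """Return a list of (finding, detail) tuples for security-relevant settings."""
    findings = []
    for key, values in sections.items():
        for name, data in values:
            if key.endswith(r'firewallpolicy\standardprofile') and name == 'EnableFirewall':
                if data.startswith('0'):
                    findings.append(('firewall-disabled', key))
            elif r'security center\monitoring' in key and name == 'DisableMonitoring':
                if data.endswith('00000001'):
                    findings.append(('security-center-monitoring-off', key))
            elif key.endswith(r'authorizedapplications\list'):
                # The log escapes backslashes in these value names; undo that.
                path = name.replace('\\\\', '\\')
                if USER_WRITABLE_RE.search(path):
                    findings.append(('firewall-exception-in-user-profile', path))
            elif key.endswith(r'globallyopenports\list'):
                findings.append(('open-port', name))
            elif key.endswith(r'currentversion\run') and re.search(r'\[\s*\]$', data):
                # "[ ]" means the log recorded no date or size for the target file.
                findings.append(('autostart-without-file-metadata', name))
    return findings


if __name__ == '__main__':
    for finding, detail in triage(parse_sections(SAMPLE_LOG)):
        print(f'{finding:38} {detail}')
```

The path heuristic only catches exceptions under a user profile; entries such as the IEXPLORE.EXE one in the CFScript above still need a helper's review.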


----------



## perfect (Mar 11, 2008)

Hey! Sorry for the late reply. Here is the ComboFix Log.

ComboFix 08-06-11.7 - ##~~cHiRaG~~## 2008-06-21 22:35:23.7 - NTFSx86
Running from: C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\##~cHiRaG~##.YOUR-4F1261A8E5\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-05-22 to 2008-06-22 )))))))))))))))))))))))))))))))
.

2008-06-16 11:26 . 2004-06-07 21:42	659,456	--a------	C:\WINDOWS\system32\hphmon06.exe
2008-06-16 11:26 . 2004-11-02 18:59	126,976	--a------	C:\WINDOWS\system32\hkcmd.exe
2008-06-16 11:26 . 1998-05-07 19:04	52,736	--a------	C:\WINDOWS\system\hpsysdrv.exe
2008-06-13 21:17 . 2008-05-08 10:02	203,136	---------	C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-13 21:16 . 2008-06-13 07:05	272,128	---------	C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 20:18 . 2008-06-10 20:18 d--------	C:\Program Files\Spybot - Search & Destroy
2008-06-10 20:18 . 2008-06-10 20:20 d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-07 12:08 . 2008-06-08 01:22 d--------	C:\Program Files\Unlocker
2008-06-06 08:17 . 2008-06-06 08:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Media Player Classic
2008-06-06 07:36 . 2008-06-06 17:09 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\uTorrent
2008-06-06 00:27 . 2008-06-06 00:27 d--------	C:\Program Files\OJOsoft
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Publish Providers
2008-05-26 18:05 . 2008-05-26 18:05 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NetMedia Providers
2008-05-26 17:59 . 2008-05-26 18:12 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony
2008-05-26 17:58 . 2008-05-26 17:58 d--------	C:\Documents and Settings\All Users\Application Data\Sony
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Vstplugins
2008-05-26 17:57 . 2008-05-26 17:57 d--------	C:\Program Files\Sony
2008-05-22 17:16 . 2008-05-22 17:17 d--------	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Sony Setup
2008-05-22 17:15 . 2008-05-22 17:15 d--------	C:\Program Files\Sony Setup
2008-05-22 15:39 . 2008-06-02 17:08 d--------	C:\Documents and Settings\All Users\Application Data\NFS Underground
2008-05-22 15:36 . 2008-05-22 15:36 d--------	C:\Program Files\Common Files\DirectX
2008-05-22 15:27 . 2008-05-22 15:27 d--------	C:\Program Files\EA GAMES

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-22 02:33	---------	d-----w	C:\Program Files\Common Files\Symantec Shared
2008-06-22 02:32	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\LimeWire
2008-06-21 21:54	---------	d-----w	C:\Program Files\LimeWire
2008-06-21 21:54	---------	d-----w	C:\Program Files\Incomplete
2008-06-21 00:16	---------	d-----w	C:\Program Files\Safari
2008-06-20 03:24	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Image Zone Express
2008-06-16 21:16	---------	d-----w	C:\Program Files\QuickTime
2008-06-16 21:16	---------	d-----w	C:\Program Files\MessengerPlus! 3
2008-06-16 21:16	---------	d-----w	C:\Program Files\iTunes
2008-06-13 11:05	272,128	----a-w	C:\WINDOWS\system32\drivers\bthport.sys
2008-06-07 12:44	---------	d-----w	C:\Program Files\NCH Software
2008-05-22 00:18	---------	d-----w	C:\Program Files\NCH Swift Sound
2008-05-22 00:18	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\NCH Swift Sound
2008-05-20 00:02	---------	d-----w	C:\Program Files\MagicDVDRipper
2008-05-19 22:47	284	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\ViewerApp.dat
2008-05-17 20:16	71,534	----a-w	C:\WINDOWS\BricoPackUninst.cmd
2008-05-17 20:16	5,384	----a-w	C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-05-17 20:16	218,624	----a-w	C:\WINDOWS\system32\uxtheme.dll
2008-05-15 00:04	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-10 15:32	---------	d-----w	C:\Program Files\Common Files\element5 Shared
2008-05-10 15:31	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-05-10 15:28	47,360	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\pcouffin.sys
2008-05-10 15:28	---------	d-----w	C:\Program Files\VSO
2008-05-10 15:28	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Vso
2008-05-08 14:02	203,136	----a-w	C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12	1,288,192	----a-w	C:\WINDOWS\system32\quartz.dll
2008-05-07 05:12	1,288,192	------w	C:\WINDOWS\system32\dllcache\quartz.dll
2008-05-02 19:30	---------	d-----w	C:\Program Files\Apple Software Update
2008-05-01 23:05	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\SUPERAntiSpyware.com
2008-05-01 23:04	---------	d-----w	C:\Program Files\SUPERAntiSpyware
2008-05-01 23:04	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-05-01 21:21	---------	d-----w	C:\Program Files\Java
2008-05-01 21:17	---------	d-----w	C:\Program Files\Common Files\Java
2008-04-29 04:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-28 23:30	---------	d-----w	C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-28 04:13	---------	d-----w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\Malwarebytes
2008-04-25 23:01	---------	d-----w	C:\Program Files\Trend Micro
2008-04-25 10:00	719,872	----a-w	C:\WINDOWS\system32\devil.dll
2008-04-25 10:00	349,184	----a-w	C:\WINDOWS\system32\avisynth.dll
2008-04-24 02:16	3,591,680	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-23 22:25	47,360	----a-w	C:\WINDOWS\system32\drivers\pcouffin.sys
2008-04-23 03:47	---------	d-----w	C:\Program Files\DivX
2008-04-22 07:40	625,664	----a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39	70,656	----a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:39	13,824	----a-w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07	161,792	----a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 09:42	985,088	----a-w	C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42	11,264	----a-w	C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41	423,936	----a-w	C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25	1,804	----a-w	C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16	329,728	----a-w	C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13	92,424	----a-w	C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13	87,176	----a-w	C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13	12,168	----a-w	C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11	98,304	----a-w	C:\WINDOWS\system32\actxprxy.dll
2008-04-14 00:10	53,279	----a-w	C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10	4,126	----a-w	C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10	4,126	----a-w	C:\WINDOWS\system32\dllcache\msdxmlc.dll
2008-04-14 00:10	3,584	----a-w	C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00	103,424	----a-w	C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30	1,845,632	----a-w	C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27	2,188,928	----a-w	C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44	17,664	----a-w	C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35	24,064	----a-w	C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31	7,424	----a-w	C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31	2,065,792	----a-w	C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30	61,440	----a-w	C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14	76,800	----a-w	C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39	438,784	----a-w	C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39	3,288,064	----a-w	C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39	187,392	----a-w	C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37	208,384	----a-w	C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37	138,752	----a-w	C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27	79,872	----a-w	C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:27	79,872	----a-w	C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-04-13 17:26	94,208	----a-w	C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26	12,288	----a-w	C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24	20,480	----a-w	C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21	733,696	----a-w	C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09	4,096	----a-w	C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03	666,112	----a-w	C:\WINDOWS\system32\shdoclc.dll
2008-04-13 17:03	63,488	----a-w	C:\WINDOWS\system32\browselc.dll
2008-04-13 16:48	1,647,616	----a-w	C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45	379,904	----a-w	C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23	48,128	----a-w	C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22	48,128	----a-w	C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39	884,736	----a-w	C:\WINDOWS\system32\msimsg.dll
2008-03-31 21:25	831,488	----a-w	C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25	682,496	----a-w	C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25	161,096	----a-w	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-25 04:05	7,816	----a-w	C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2007-12-21 19:51	3,530	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\wklnhst.dat
2007-12-02 18:52	81,920	----a-w	C:\Documents and Settings\~#~$hivani~#~\Application Data\ezpinst.exe
2007-12-02 18:52	47,360	----a-w	C:\Documents and Settings\~#~$hivani~#~\Application Data\pcouffin.sys
2007-12-02 16:10	81,920	----a-w	C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Application Data\ezpinst.exe
2007-08-14 15:50	88	--sh--r	C:\WINDOWS\system32\3A9D5F4952.sys
2007-08-14 15:50	2,516	--sha-w	C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2008-04-13 20:12 975872 561a50497324f378e30f55d09b4e1258	C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658	C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6	C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 14:00 1032192 a0732187050030ae399b241436565e64	C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-13 20:12 975872 561a50497324f378e30f55d09b4e1258	C:\WINDOWS\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((( snapshot_2008-06-14_20.32.32.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-15 00:10:08	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2008-06-21 14:46:05	2,048	--s-a-w	C:\WINDOWS\bootstat.dat
+ 2004-12-14 09:23:44	663,552	----a-w	C:\WINDOWS\CREATOR\Remind_XP.exe
- 2008-04-14 12:30:49	272,128	------w	C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-13 11:05:51	272,128	------w	C:\WINDOWS\Driver Cache\i386\bthport.sys
+ 2008-06-21 00:16:39	307,200	----a-r	C:\WINDOWS\Installer\{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}\SafariIco.exe
+ 2004-04-15 03:43:46	233,472	----a-w	C:\WINDOWS\SMINST\RECGUARD.EXE
- 2008-05-17 18:25:09	1,696,032	----a-w	C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-16 12:31:59	1,695,336	----a-w	C:\WINDOWS\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 19:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-02 18:59 126976]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 20:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 21:42 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 23:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 03:11 771704]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 18:34 213936]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [ ]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 00:54 253952]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 17:24 278528]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 13:19 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-13 20:12 55808 C:\WINDOWS\system32\narrator.exe]
"POSTRBT"="C:\Program Files\Norton AntiVirus\Navw32.exe" [ ]

C:\Documents and Settings\~#~$hivani~#~\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\(d) Foru\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-06-05 14:52:50 147456]

C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-03-21 10:00:19 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKLM\~\startupfolder\C:^Documents and Settings^##~~cHiRaG~~##.YOUR-4F1261A8E5^Start Menu^Programs^Startup^RocketDock.lnk]
path=C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\Start Menu\Programs\Startup\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2004-10-14 02:00 57344 C:\WINDOWS\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2004-10-14 02:17 2742272 C:\WINDOWS\ALCWZRD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoTBar]
c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 20:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2004-03-18 03:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 21:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ink Monitor]
--a------ 2004-05-05 04:54 262210 C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2003-06-07 07:32 50688 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 20:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-02-17 03:33 98304 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2004-12-14 05:23 663552 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2004-10-14 00:01 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-06 16:28 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-02-17 03:25 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 13:48 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Documents and Settings\\~~~~~SHIVANI~~~~~.YOUR-4F1261A8E5\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"51095:TCP"= 51095:TCPORT_51095
"65261:TCP"= 65261:TCPORT_65261
"13637:TCP"= 13637:TCPORT_13637
"67:UDP"= 67:UDPHCP Discovery Service

R3 CCCP106;CIF USB Camera (2110A);C:\WINDOWS\system32\DRIVERS\cccp106.sys [2003-04-09 12:17]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{946850c5-1e27-11d9-baf0-806d6172696f}]
\Shell\AutoRun\command - D:\setup.exe

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-20 22:03:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-17 00:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - ~~~~~SHIVANI~~~~~.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-21 22:41:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2008-06-21 22:47:09
ComboFix-quarantined-files.txt 2008-06-22 02:46:45
ComboFix2.txt 2008-06-18 18:24:05
ComboFix3.txt 2008-06-15 16:09:22
ComboFix4.txt 2008-06-15 00:37:36
ComboFix5.txt 2008-06-14 19:33:26

Pre-Run: 116,123,590,656 bytes free
Post-Run: 116,147,003,392 bytes free

294	--- E O F ---	2008-06-21 00:12:31


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a Fixperfect2.zip file. Save it to your desktop. Unzip it and double-click the Fixperfect2.reg file and allow it to enter into the registry.


How many users are there on this computer?


----------



## perfect (Mar 11, 2008)

Hey! I did what you told me to do.
There are *four* users on this computer!


----------



## Cookiegal (Aug 27, 2003)

Please post a HijackThis log from the account of each of the users.


----------



## perfect (Mar 11, 2008)

*USER ONE*. This is my account log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:16:23 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\progra~1\mozill~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11647 bytes


----------



## perfect (Mar 11, 2008)

*User Two*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:25:26 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1014\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '##~~cHiRaG~~##')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1014\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '##~~cHiRaG~~##')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1014 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '##~~cHiRaG~~##')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12660 bytes


----------



## perfect (Mar 11, 2008)

*User Three*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:45 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1014\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '##~~cHiRaG~~##')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1014\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '##~~cHiRaG~~##')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1014 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '##~~cHiRaG~~##')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12471 bytes


----------



## perfect (Mar 11, 2008)

*User Four*. (last user)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:42:31 PM, on 6/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\srshost.exe (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1013\..\RunOnce: [FlashPlayerUpdate] C:\PROGRA~1\MOZILL~1\plugins\NPSWF32_FlashUtil.exe -p (User '~#~$hivani~#~')
O4 - HKUS\S-1-5-21-3229612040-3970603347-2175731085-1014\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '##~~cHiRaG~~##')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1013 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '~#~$hivani~#~')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1013 User Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '~#~$hivani~#~')
O4 - S-1-5-21-3229612040-3970603347-2175731085-1014 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User '##~~cHiRaG~~##')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 13338 bytes


----------



## Cookiegal (Aug 27, 2003)

They all look fine. 

Are there problems remaining?


----------



## perfect (Mar 11, 2008)

Hey! I need some time to see if everything is okay or not, but I have one question. You know how my account under Documents and Settings is named *##~~cHiRaG~~##.YOUR-4F1261A8E5*, but many of the software programs don't recognize this and I can't use them, so is there a way to change my name fully and yet keep all my files and have all the software recognize it?
An example would be when I was installing Windows Movie Maker: it wouldn't install because it couldn't see my account under Documents and Settings, and an error message pops up like this one.
http://i30.tinypic.com/25thilw.jpg
If you see, the name there has one # while the actual account name has ##.
How do I change that and keep all my files? Thank you!


----------



## perfect (Mar 11, 2008)

And yes, there is another problem too: the initial problem. The file in My Documents is still not deleted, and even when I try to touch that file, Windows Explorer closes. Is there a way to solve this?

*P.S. I am sorry if I am bothering you and giving you these problems of mine. I REALLY APPRECIATE YOU HELPING ME. Thank you, and sorry once again.*


----------



## Cookiegal (Aug 27, 2003)

What file in My Documents?


----------



## perfect (Mar 11, 2008)

It is called,

*Tashan.2008.DVDRip.Upscaled.x264.AC3.Subs.avi*


----------



## Cookiegal (Aug 27, 2003)

Have you tried deleting it in safe mode?


----------



## perfect (Mar 11, 2008)

Yes, I tried that, it didn't work.


----------



## Cookiegal (Aug 27, 2003)

Has anyone advised you how to take ownership of the folder?


----------



## perfect (Mar 11, 2008)

Hey! Yes, and I tried that too but it doesn't work. One more thing is that it is not a folder, it is a file. A corrupted file, I believe.


----------



## Cookiegal (Aug 27, 2003)

Can you give me the entire exact path to the file please.


----------



## perfect (Mar 11, 2008)

How do I get that?


----------



## Cookiegal (Aug 27, 2003)

You said it was in My Documents so how do you get to your My Documents folder when going by My Computer, etc.? It should be something like this but username would be your actual username:

C:\Documents and Settings\username\My Documents\Tashan.2008.DVDRip.Upscaled.x264.AC3.Subs.avi


----------



## perfect (Mar 11, 2008)

*C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\My Documents\Tashan.2008.DVDRip.Upscaled.x264.AC3.Subs.avi*

That would be the exact path then. Thank You!


----------



## Cookiegal (Aug 27, 2003)

1. Please *download* *The Avenger2* by Swandog46 to your *Desktop*.
   - Right-click on the Avenger.zip folder and select "Extract All...".
   - Follow the prompts and extract the *Avenger* folder to your desktop.
2. Copy all the text contained in the code box below (including the line that says "Files to delete") to your clipboard by highlighting it and pressing (*Ctrl+C*):


```
Files to delete:
C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\My Documents\Tashan.2008.DVDRip.Upscaled.x264.AC3.Subs.avi
```
*Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.*

3. Now, open the Avenger folder and *start The Avenger program* by clicking on its icon.
   - Right-click on the window under *Input script here:*, and select Paste.
   - You can also paste the text copied to the clipboard into this window by pressing (*Ctrl+V*).
   - Click on *Execute*.
   - Answer "*Yes*" twice when prompted.
4. *The Avenger will automatically do the following*:
   - It will *restart your computer*. (In cases where the code to execute contains "*Drivers to Delete*", The Avenger will actually *restart your system twice*.)
   - After the restart, it *creates a log file* that should open with the results of Avenger's actions. This log file will be located at *C:\avenger.txt*.
   - The Avenger will also have *backed up all the files, etc., that you asked it to delete*, and will have zipped them and moved the zip archives to *C:\avenger\backup.zip*.
5. Please *copy/paste* the content of *C:\avenger.txt* into your reply *along with a fresh HijackThis log*.


----------



## perfect (Mar 11, 2008)

Hi! This is the log.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Documents and Settings\##~~cHiRaG~~##.YOUR-4F1261A8E5\My Documents\Tashan.2008.DVDRip.Upscaled.x264.AC3.Subs.avi" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

An error message came up when the computer restarted. This is what the message was. I clicked try again like 5-10 times and that is when the message left.

Thank You! very much!

p.s The file I wanted deleted from My Documents was deleted. Thank You for that!


----------



## Cookiegal (Aug 27, 2003)

That's usually caused by iTunes or QuickTime. Please post a new HijackThis log.


----------



## perfect (Mar 11, 2008)

Hi! This is the HijackThis Log. Thank You!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:13 PM, on 6/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\progra~1\mozill~1\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11713 bytes


----------



## Cookiegal (Aug 27, 2003)

Go to Start - Run - type in msconfig - click OK and click on the Startup tab.

Uncheck the following entry:

*iTunesHelper*

Click "Apply" and OK.

Let me know if that takes care of the "No Disk" error message and also how things are with the system now.


----------



## perfect (Mar 11, 2008)

Hi! Yes, that worked! The "No Disk" thing doesn't come up anymore.
As for the rest of the system, there are still two more problems.

One is that when I shut down my computer, it sometimes doesn't shut down! It goes to the page where it says Windows is shutting down and stays there. I can't do anything. Yesterday, I thought my computer would shut down on its own so I went to sleep, but then it was on all night. Sometimes an error message also comes up but I don't know what it says because the computer just freezes and I can't move the mouse. If the message appears again, I will write it down and give it!

Another problem is the name thing. I want to change the name of my user in Documents and Settings. This is because when I am installing anything, especially something like Movie Maker, it doesn't work and an error message comes up. I think this is because my user name has some weird characters in it that the computer doesn't recognize! I want to change my user name so that all programs and the computer recognize it easily.

Thank You!


----------



## Cookiegal (Aug 27, 2003)

It's rather complicated to change the username. You may have to create a new account and transfer the data from the other profile. I suggest that you start a new thread in the XP forum for that.

For the other issue, let's check to see what error messages are logged.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## perfect (Mar 11, 2008)

Hi! I did what you told me to do. There were more error messages than the ones at the bottom but they were from more than a week ago.
Here are the error messages under application:

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 7/1/2008
Time: 10:59:55 AM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/30/2008
Time: 10:25:31 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/30/2008
Time: 2:18:53 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/30/2008
Time: 1:25:18 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/30/2008
Time: 12:56:51 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/29/2008
Time: 8:13:26 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/29/2008
Time: 12:08:55 AM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/28/2008
Time: 11:50:18 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/28/2008
Time: 11:48:49 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/28/2008
Time: 2:10:45 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/28/2008
Time: 11:19:30 AM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/27/2008
Time: 11:01:25 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/27/2008
Time: 11:10:22 AM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/26/2008
Time: 11:31:09 AM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/26/2008
Time: 12:54:28 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 6/25/2008
Time: 11:26:39 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 6/23/2008
Time: 2:44:14 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Faulting application explorer.exe, version 6.0.2900.5512, faulting module shmedia.dll, version 6.0.2900.5512, fault address 0x0000ac54.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

These are the error messages under system:

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/1/2008
Time: 10:55:13 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 6/30/2008
Time: 2:15:23 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 6/30/2008
Time: 1:21:30 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 6/30/2008
Time: 12:31:48 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 6/29/2008
Time: 4:32:37 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 6/29/2008
Time: 12:02:58 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
gagp30kx
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	System Error
Event Category:	(102)
Event ID:	1003
Date: 6/28/2008
Time: 11:51:13 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Error code 10000050, parameter1 f8c6649e, parameter2 00000000, parameter3 a9fd9ae9, parameter4 00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 6/28/2008
Time: 11:46:53 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

Try uninstalling Windows Live Messenger. If you really want it you can try installing it again. The installation was failing and it keeps trying to install.

Let me know how that goes.


Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## perfect (Mar 11, 2008)

Hi! This is the save list from HijackThis!

32 Bit HP CIO Components Installer
Ad-Aware SE Personal
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Agere Systems PCI Soft Modem
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 1.6
AV
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
blastofftheme.zip
ccCommon
CIF USB Camera (2110A)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD-CLONER V5.00 Build 960
EPSON Logiciel imprimante
First Step Guide
Free Internet Eraser 2.20
GameSpy Arcade
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP PSC & OfficeJet 4.0
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPSSupply
ImageMixer VCD2
Ink Monitor
InterVideo WinDVD 8
InterVideo WinDVD Creator
iPod for Windows 2006-06-28
iTunes
iWin Games (remove only)
Java(TM) 6 Update 6
Kaspersky Online Scanner
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire 4.18.2
LiveUpdate 3.2 (Symantec Corporation)
Macromedia Flash Player
Magic DVD Ripper V5.3 build 4
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
MixPad
Mozilla Firefox (2.0.0.14)
MSN Music Assistant
MSN Toolbar
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Need For Speed Underground
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
ObjectDock
OJOsoft Total Video Converter
Pack Vista Inspirat 2 1.0
PDF Settings
PhotoNow! 1.0
Photosmart 320,370,7400,8100,8400 Series
Picture Package
PowerDirector
PowerISO
Pure Networks Network Magic
QuickBooks Premier: Accountant Edition 2007
QuickTime
RealPlayer
RelevantKnowledge
Rhapsody Player Engine
Rogers Yahoo! Applications
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SmartSound Quicktracks Plugin
Sonic Express Labeler
Sonic RecordNow!
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony USB Driver
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
Total Video Converter 3.11 070908
Unlocker 1.8.5
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
WavePad Uninstall
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Browser Services

About Windows Live Messenger, it doesn't work even now. I think this started happening after Service Pack 3 was installed onto my computer automatically. This is the message that occurs when I try to open Windows Live Messenger!


----------



## Cookiegal (Aug 27, 2003)

That's the exact message I'm seeing in the Event Viewer.

Go to Control Panel - Add/Remove programs and remove these:

*iWin Games
blastofftheme.zip
RelevantKnowledge
Windows Live Messenger*

You should also remove *LimeWire* as it's a large part of the problem with viruses.

Let me know how things are after doing the above.


----------



## perfect (Mar 11, 2008)

Hi! I removed all the programs you told me to remove but *blastofftheme.zip* did not get uninstalled. It said "*Could not open INSTALL.LOG file.*" That was the only problem.
Also I really need to use Windows Live Messenger because I use it almost every day. Can I reinstall it again, please?


----------



## Cookiegal (Aug 27, 2003)

Yes, of course you can reinstall Windows Live Messenger. Let's hope it installs without any problems this time. 

We'll check the registry for keys regarding the blastofftheme that should enable us to uninstall it.

Download the Registry Search Tool here:

http://www.billsway.com/vbspage/

Unzip it and double click on the file to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:

*blastofftheme*

Copy and paste the results here please.


----------



## perfect (Mar 11, 2008)

Hi! This is the log, but there was an error message that came up as well, which is this:

And this is the log:

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "blastofftheme" 7/2/2008 7:05:54 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blastofftheme.zip]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\blastofftheme.zip]
"DisplayName"="blastofftheme.zip"

This message also came up when I closed the other error message.

P.S. I will try to reinstall Windows Live Messenger later on and let you know how it goes.


----------



## perfect (Mar 11, 2008)

Hi! I now also downloaded Windows Live Messenger again and it works perfectly. Thank You for that!


----------



## Cookiegal (Aug 27, 2003)

I'm attaching a RemoveBlastoff.zip file. Save it to your desktop. Unzip it and double-click the Remove Blastoff.reg file and allow it to enter into the registry.

Reboot the computer and post a new HijackThis uninstall list please along with a new HijackThis default scan log.


Also, check the Event Viewer again and post any errors that show in red that have occurred since you uninstalled and reinstalled Windows Live Messenger.


----------



## perfect (Mar 11, 2008)

Hi! I did the registry thing and also this is the uninstall list from HijackThis:

32 Bit HP CIO Components Installer
Ad-Aware SE Personal
Adobe After Effects CS3
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 7.0.9
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Agere Systems PCI Soft Modem
AppCore
Apple Mobile Device Support
Apple Software Update
ArcSoft VideoImpression 1.6
AV
AVS DVDMenu Editor 1.2.1.19
AVS Video Converter 5.6
AVS4YOU Software Navigator 1.2
ccCommon
CIF USB Camera (2110A)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD-CLONER V5.00 Build 960
EPSON Logiciel imprimante
First Step Guide
Free Internet Eraser 2.20
GameSpy Arcade
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
HP Customer Participation Program 8.0
HP Deskjet All-In-One Software 8.0
HP Imaging Device Functions 8.0
HP Photosmart Essential
HP PSC & OfficeJet 4.0
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPSSupply
ImageMixer VCD2
Ink Monitor
InterVideo WinDVD 8
InterVideo WinDVD Creator
iPod for Windows 2006-06-28
iTunes
Java(TM) 6 Update 6
Kaspersky Online Scanner
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.2 (Symantec Corporation)
Macromedia Flash Player
Magic DVD Ripper V5.3 build 4
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Halo
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
MixPad
Mozilla Firefox (2.0.0.15)
MSN
MSN Music Assistant
MSN Toolbar
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Need For Speed Underground
Nero 8
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
ObjectDock
OJOsoft Total Video Converter
Pack Vista Inspirat 2 1.0
PDF Settings
PhotoNow! 1.0
Photosmart 320,370,7400,8100,8400 Series
Picture Package
PowerDirector
Pure Networks Network Magic
QuickBooks Premier: Accountant Edition 2007
QuickTime
RealPlayer
Rhapsody Player Engine
Rogers Yahoo! Applications
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB947801)
Security Update for Outlook 2007 (KB946983)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update for Visio 2007 (KB947590)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
SmartSound Quicktracks Plugin
Sonic Express Labeler
Sonic RecordNow!
Sony ACID Pro 6.0
Sony Media Manager 2.2
Sony USB Driver
SPBBC 32bit
Spybot - Search & Destroy
Symantec Real Time Storage Protection Component
SymNet
Total Video Converter 3.11 070908
Unlocker 1.8.5
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb950378)
WavePad Uninstall
Windows Imaging Component
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
Yahoo! Browser Services

These are the errors on the Event Viewer list.
*Under Application*

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 7/3/2008
Time: 11:02:01 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Hanging application CoverDes.exe, version 3.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 7/3/2008
Time: 11:02:01 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Hanging application CoverDes.exe, version 3.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 7/3/2008
Time: 11:02:01 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Hanging application CoverDes.exe, version 3.0.1.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Hang
Event Category:	(101)
Event ID:	1002
Date: 7/3/2008
Time: 10:47:12 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Hanging application ccApp.exe, version 106.2.0.21, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	MsiInstaller
Event Category:	None
Event ID:	10005
Date: 7/2/2008
Time: 12:52:37 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
Product: Windows Live Messenger -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2771. The arguments are: MsgrFeat, ,

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 7b 35 30 38 43 45 37 37 {508CE77
0008: 35 2d 34 42 41 34 2d 34 5-4BA4-4
0010: 37 34 38 2d 38 32 44 46 748-82DF
0018: 2d 46 45 32 38 44 41 39 -FE28DA9
0020: 46 30 33 42 30 7d F03B0}

*Under System*

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/4/2008
Time: 12:07:28 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/3/2008
Time: 11:08:50 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 7/3/2008
Time: 10:40:45 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The Symantec Core LC service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 7/3/2008
Time: 10:40:31 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Timeout (30000 milliseconds) waiting for the Symantec Core LC service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/3/2008
Time: 10:40:18 PM
User: YOUR-4F1261A8E5\##~~cHiRaG~~##
Computer:	YOUR-4F1261A8E5
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service Symantec Core LC with arguments "-Service" in order to run the server:
{60C70E11-2B08-4798-B366-C8450CDA7B1A}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/3/2008
Time: 10:19:06 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/3/2008
Time: 9:56:51 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

_*Those were all the error messages since 2 days ago. One thing I saw on the Event Viewer window is that there were also warnings there, but I do not know if you want me to post them or not. Do you want me to post them?*_
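
Event Viewer entries pasted as text, like the ones in the post above, can be tallied by source and event ID so that recurring failures (such as the same driver failing to load at every boot) stand out. This is an added example, not part of the original thread; the sample entries are constructed in the same layout, and `EXAMPLE-PC` is a placeholder computer name.

```python
import re
from collections import Counter

# Constructed sample in the layout of the entries pasted in the thread.
SAMPLE = """\
Event Type:\tError
Event Source:\tService Control Manager
Event Category:\tNone
Event ID:\t7026
Date: 7/4/2008
Time: 12:07:28 AM
User: N/A
Computer:\tEXAMPLE-PC
Description:
The following boot-start or system-start driver(s) failed to load:
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:\tError
Event Source:\tService Control Manager
Event Category:\tNone
Event ID:\t7026
Date: 6/29/2008
Time: 12:02:58 AM
User: N/A
Computer:\tEXAMPLE-PC
Description:
The following boot-start or system-start driver(s) failed to load:
gagp30kx
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:\tError
Event Source:\tApplication Hang
Event Category:\t(101)
Event ID:\t1002
Date: 7/3/2008
Time: 10:47:12 PM
User: N/A
Computer:\tEXAMPLE-PC
Description:
Hanging application ccApp.exe, version 106.2.0.21, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 48 61 6e 67   ion Hang
"""

FIELD_RE = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$"
)
HEX_RE = re.compile(r"^[0-9a-fA-F]{4}:\s")  # rows of the trailing hex dump


def parse_events(text):
    """Split pasted Event Viewer text into one dict per event."""
    events, cur, in_desc = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD_RE.match(line)
        if m and m.group(1) == "Event Type":  # every record starts here
            cur = {"Description": []}
            events.append(cur)
            in_desc = False
        if cur is None:
            continue  # text before the first record
        if m and not in_desc:
            cur[m.group(1)] = m.group(2).strip()
        elif line == "Description:":
            in_desc = True
        elif line.startswith("For more information") or line == "Data:":
            in_desc = False  # footer or hex dump ends the description
        elif in_desc and line and not HEX_RE.match(line):
            cur["Description"].append(line)
    return events


def summarize(events):
    """(source, event ID) pairs ordered by how often they occur."""
    return Counter(
        (e.get("Event Source"), e.get("Event ID")) for e in events
    ).most_common()


def failed_drivers(events):
    """Map each driver named in an SCM 7026 event to the times it failed."""
    seen = {}
    for e in events:
        if (e.get("Event Source"), e.get("Event ID")) != ("Service Control Manager", "7026"):
            continue
        when = f'{e.get("Date")} {e.get("Time")}'
        # First description line is the sentence; driver names follow, one per line.
        for name in e["Description"][1:]:
            seen.setdefault(name, []).append(when)
    return seen


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for (source, event_id), n in summarize(evts):
        print(f"{n:3d}  {source}  ID {event_id}")
    for driver, times in failed_drivers(evts).items():
        print(f"{driver}: failed to load {len(times)} time(s): {', '.join(times)}")
```
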


----------



## perfect (Mar 11, 2008)

*This is the HijackThis Log file.*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:44 AM, on 7/4/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\System32\svchost.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\progra~1\mozill~1\firefox.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CPrintEnhancer Object - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 12212 bytes


----------



## Cookiegal (Aug 27, 2003)

No, warnings are not necessary.

How are things now?


----------



## perfect (Mar 11, 2008)

Hi! I do not see any major problems right now but one thing I want to do is delete account folders from Documents and Settings for which the accounts do not exist or do not open. There are two folders I want to delete but they say "access denied". I know I have to take ownership of the folder but I tried that but it didn't work. I used the instructions from this site:
http://support.microsoft.com/kb/308421/en-us
From that site I tried to follow the instructions but I see that there is no Security tab for the folders. These are the folders:

C:\Documents and Settings\~~~~~SHIVANI~~~~~

C:\Documents and Settings\Harish

Thank You!


----------



## Cookiegal (Aug 27, 2003)

Are you running XP Home or Pro?

If Home, did you follow those instructions in safe mode? The Security tab is only visible in safe mode in XP Home.


----------



## perfect (Mar 11, 2008)

Hi! I use XP Home. I never knew about the safe mode thing. I will do that now. Thank You!


----------



## Cookiegal (Aug 27, 2003)

Let me know how it goes please.


----------



## perfect (Mar 11, 2008)

Wow... It WORKED! This is great. Now I guess I have no problems unless you see any. Please do tell me if you notice that something is wrong.

Now what I am going to do is change my user name. Remember, we were talking about this and you asked me to post in another section. I did that and they told me that I have to create a new account and transfer all my folders and files to that account and delete this one. This is what I am going to do now.

Oh! One more thing that doesn't work on my computer is when I attach a microphone, I can't exactly use it because when I use regular sound recorder to record something, a message comes up saying:

*Your audio hardware cannot record into files like the current file. To record, create a new document.*

It would be great if you could help me with this. I tried to figure it out myself but it didn't work. I looked here http://support.microsoft.com/kb/284886 to help myself but the thing is that I use Microsoft Word 2007 and it doesn't have a Tools menu.

Thank You!


----------



## Cookiegal (Aug 27, 2003)

Do you have Speech Recognition installed?


----------



## perfect (Mar 11, 2008)

I am not sure about that. How do I find out?


----------



## Cookiegal (Aug 27, 2003)

Can you tell me exactly what it is you're trying to do that doesn't work? Are you trying to embed a music file in Word?


----------



## perfect (Mar 11, 2008)

Hi! No, I am just trying to use my microphone to record something in the regular Sound Recorder. As soon as I click the record button, the message pops up and I can't record anything. I also tried to use the microphone with Windows Live Messenger to try to talk to someone across the town but it doesn't work there either.


----------



## Cookiegal (Aug 27, 2003)

I assume this has worked before?


----------



## perfect (Mar 11, 2008)

Yes, it did work before but a LONG TIME AGO! Like about 2 years ago.


----------



## Cookiegal (Aug 27, 2003)

First, are you sure the microphone is connected properly?

I assume it is but had to ask. 

I see these are unchecked in msconfig. Try checking them.

*High Definition Audio Property Page Shortcut
SoundMan*

Let me know if that makes any difference.


----------



## perfect (Mar 11, 2008)

Hi! Yeah, the microphone is connected properly. 

I did what you told me to do and NO LUCK! It did not work. 

It is okay that that doesn't work. Not extremely concerned about it. Now what is REALLY important is that my DVD Burner doesn't work. I tried using all sorts of different software to burn my home videos but it doesn't work. It used to work and I used to burn DVDs all the time. My family uses the DVD Burner a lot as well. I haven't used the DVD for a few days because we were fixing other things on the computer, but last week when I tried to burn something using some software, it said burnt successfully but when I try to play the DVD it doesn't work and says zero files or folders in this DVD. I thought it was the software problem but since last week I tried to use different software and it doesn't work. So now I know that there is something wrong with the DVD Burner. The computer does play DVDs that were burnt a long time ago or ones I bought but cannot burn anything. Can you help me with this? I REALLY NEED TO FIX THIS. I always like doing things with videos and then burning them. It is my hobby.

P.S. I AM SO SORRY! I KNOW I AM BOTHERING YOU A LOT BUT I JUST WANT MY FAMILY COMPUTER TO RUN PROPERLY. THANK YOU VERY MUCH FOR ALL THAT YOU ARE DOING FOR ME!


----------



## Cookiegal (Aug 27, 2003)

What program do you normally use to burn? I see you have Nero 8 but that was only installed over the last few days.


----------



## Cookiegal (Aug 27, 2003)

Looking back over the thread I see that Windows Media Player has been damaged and was likely infected by the AWF infection.

I would try uninstalling it and reinstalling it.


----------



## perfect (Mar 11, 2008)

Hi! I will uninstall Windows Media Player and then reinstall it.

I normally use InterVideo WinDVD Creator to burn movies. I just installed Nero a few days ago to see if I can burn DVDs but it doesn't work.


----------



## Cookiegal (Aug 27, 2003)

Go ahead with uninstalling and reinstall Windows Media Player. Even if it's not related to the problem it has been damaged. Let me know though if by chance it does fix the problem.

There may also be a policy set somewhere to prevent the burning so let's do this:

Download *OTScanIt.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

Close any open browsers.
Disconnect from the Internet.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
Open the *OTScanIt* folder and double-click on OTScanIt.exe to start the program.
Check the box that says *Scan All User Accounts*
Under Drivers select the radio button for *All*
Check the Radio buttons for Files/Folders Created Within *90 Days* and Files/Folders Modified Within *90 Days* 
Under Additional Scans check the following:
Reg - BotCheck
Reg - Disabled MS Config Items
Reg - Software Policy Settings
Evnt - EventViewer Errors/Warnings (last 7 days)

Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it automatically.
Save that Notepad file. Click the *Format* menu and make sure that *Word wrap* is not checked. If it is then click on it to uncheck it.
Use the *Reply* button and upload Notepad file here as an attachment please.


----------



## perfect (Mar 11, 2008)

Hi! I uninstalled and then reinstalled Media Player but it did not help the DVD Burning thing. 
Anyways, I did the scan but the log is bigger in size than what I can upload. The forum only allows 500.00 KB of upload but my scan log file is 506.06 KB.
How do I upload it?


----------



## Cookiegal (Aug 27, 2003)

Please upload it as an attachment.

Click on "Manage Attachments" then "Browse" to locate the file on your computer then "Open" the file and click on "Upload". Finally submit the reply.


----------



## perfect (Mar 11, 2008)

I did that. That is where it doesn't upload. The limit there is 500 KB.


----------



## Cookiegal (Aug 27, 2003)

Sorry. Please split it into two separate uploads.


----------



## perfect (Mar 11, 2008)

Hi! Finally managed to upload them in two files.


----------



## Cookiegal (Aug 27, 2003)

There are some errors about bad blocks. Please go to the Event Viewer again and post all errors showing in red under both "Application" and "System" since (and including) July 5th.

After getting those out, let's run chkdsk.

Click Start and My Computer. Right-click the hard drive you want to check, and click Properties. Select the Tools tab and click Check Now. Check both boxes. Click Start. You'll get a message that the computer must be rebooted to run a complete check. Click Yes and reboot. Chkdsk will take awhile, so run it when you don't need to use the computer for something else.

To view results log:

Go to *Start* - *Run* and type in *eventvwr.msc*, and hit enter.
When Event Viewer opens, click on "Application", then scroll down to "Winlogon" and double-click on it to open it up. This is the log created after running chkdsk. Click on the icon that looks like two pieces of paper to copy it and then paste it here please.


----------



## perfect (Mar 11, 2008)

Hi! These are the Event Viewer errors. I will run chkdsk now. The one in bold was repeated 35 times and it would have taken me forever to copy and paste every single one of them.

Event Type:	Error
Event Source:	Automatic LiveUpdate Scheduler
Event Category:	Scheduler Events 
Event ID:	101
Date: 7/6/2008
Time: 9:32:18 AM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4F1261A8E5
Description:
Information Level: error

Initialization of the COM subsystem failed. Error code: 0x8007041D

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 7/6/2008
Time: 12:22:56 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Faulting application acrord32.exe, version 7.0.8.218, faulting module acrord32.dll, version 7.0.8.218, fault address 0x000c882d.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 7/5/2008
Time: 6:11:12 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Faulting application firefox.exe, version 1.8.20080.62306, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Application Error
Event Category:	None
Event ID:	1000
Date: 7/5/2008
Time: 4:51:11 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Faulting application moviemk.exe, version 2.1.4026.0, faulting module qedit.dll, version 6.5.2600.5512, fault address 0x0001b2f1.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

_*This is from the system now.*_

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/7/2008
Time: 10:22:40 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/6/2008
Time: 4:21:07 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/6/2008
Time: 3:20:43 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/6/2008
Time: 12:26:28 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7000
Date: 7/6/2008
Time: 9:32:25 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The LiveUpdate service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 7/6/2008
Time: 9:32:25 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/6/2008
Time: 9:32:17 AM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4F1261A8E5
Description:
DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service LiveUpdate with arguments "" in order to run the server:
{03E0E6C2-363B-11D3-B536-00902771A435}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/6/2008
Time: 9:28:19 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*Event Type:	Error
Event Source:	Disk
Event Category:	None
Event ID:	7
Date: 7/6/2008
Time: 12:07:34 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The device, \Device\Harddisk5\D, has a bad block.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
* _(repeated 35 times)_

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/5/2008
Time: 4:25:27 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7009
Date: 7/5/2008
Time: 4:25:25 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Timeout (30000 milliseconds) waiting for the QuickBooks Database Manager Service service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/5/2008
Time: 4:22:18 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4F1261A8E5
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/5/2008
Time: 4:11:51 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
AFD
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
SASKUTIL
SPBBCDrv
SRTSP
SRTSPX
SYMTDI
Tcpip

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 7/5/2008
Time: 4:11:51 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 7/5/2008
Time: 4:11:51 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 7/5/2008
Time: 4:11:51 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 7/5/2008
Time: 4:11:51 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7001
Date: 7/5/2008
Time: 4:11:51 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: 
A device attached to the system is not functioning.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/5/2008
Time: 4:11:29 PM
User: YOUR-4F1261A8E5\Administrator
Computer:	YOUR-4F1261A8E5
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service StiSvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/5/2008
Time: 4:11:21 PM
User: YOUR-4F1261A8E5\Administrator
Computer:	YOUR-4F1261A8E5
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service netman with arguments "" in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	DCOM
Event Category:	None
Event ID:	10005
Date: 7/5/2008
Time: 4:11:15 PM
User: NT AUTHORITY\SYSTEM
Computer:	YOUR-4F1261A8E5
Description:
DCOM got error "This service cannot be started in Safe Mode " attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	NetBT
Event Category:	None
Event ID:	4321
Date: 7/5/2008
Time: 11:16:27 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.103. The machine with the IP address 192.168.1.100 did not allow the name to be claimed by this machine.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type:	Error
Event Source:	Service Control Manager
Event Category:	None
Event ID:	7026
Date: 7/5/2008
Time: 11:16:06 AM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
The following boot-start or system-start driver(s) failed to load: 
SASKUTIL

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## Cookiegal (Aug 27, 2003)

OK, I'm going to ask someone else to help with these errors.

In the meantime, there seems to be a problem with the SuperAntiSpyware drivers so you might as well uninstall that program.


----------



## perfect (Mar 11, 2008)

Hi! I will uninstall SuperAntiSpyware. This is the log from the chkdsk.

Event Type:	Information
Event Source:	Winlogon
Event Category:	None
Event ID:	1001
Date: 7/7/2008
Time: 4:17:01 PM
User: N/A
Computer:	YOUR-4F1261A8E5
Description:
Checking file system on C:
The type of the file system is NTFS.
Volume label is HP_PAVILION.

A disk check has been scheduled.
Windows will now check the disk. 
Cleaning up minor inconsistencies on the drive.
Cleaning up 2449 unused index entries from index $SII of file 0x9.
Cleaning up 2449 unused index entries from index $SDH of file 0x9.
Cleaning up 2449 unused security descriptors.
CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.

187382159 KB total disk space.
96885844 KB in 260648 files.
105804 KB in 23985 indexes.
0 KB in bad sectors.
513263 KB in use by the system.
65536 KB occupied by the log file.
89877248 KB available on disk.

4096 bytes in each allocation unit.
46845539 total allocation units on disk.
22469312 allocation units available on disk.


Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I am not sure if that is what you were looking for or not. 
And, thank you!


----------



## perfect (Mar 11, 2008)

Hi! I tried to remove SuperAntiSpyware from Add/Remove Programs but it is not there. How do I uninstall it if it is not there?


----------



## Cookiegal (Aug 27, 2003)

Yes, that's it. Thanks.

I've asked a friend to help with those errors as he knows much more about those things than I do so please wait for him to post.


----------



## Cookiegal (Aug 27, 2003)

You must have uninstalled it before then but its service remains and keeps trying to start although the file is missing so we'll delete it:

Go to *Start* - *Run*, type in *cmd*, then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Delete SASKUTIL*

Then press Enter

Type Exit


----------
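The diagnosis in the post above (a driver that fails to load on every boot because its service entry outlived the program) can be read out of a pasted System log. This is an added example in Python, not part of the original thread: it parses records in the Event Viewer copy layout, sets aside Event ID 7026 entries logged close to DCOM "Safe Mode" errors, and counts which drivers fail on normal boots. The sample records, the `EXAMPLE-PC` name, the function names and the two-minute window are assumptions made for the illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

FIELD = re.compile(
    r"^(Event Type|Event Source|Event Category|Event ID|Date|Time|User|Computer):\s*(.*)$")
LOAD_FAIL = "failed to load:"


def parse_records(text):
    """Split a pasted Event Viewer export into one dict per event."""
    records, cur, in_desc = [], None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":      # a new record starts here
            cur, in_desc = {"Description": []}, False
            records.append(cur)
        if cur is None:
            continue
        if m and not in_desc:
            cur[m.group(1)] = m.group(2).strip()
        elif line.startswith("Description:"):
            in_desc = True
        elif in_desc:
            # The description ends at the help link or at the raw "Data:" dump.
            if line.startswith(("For more information", "Data:")):
                in_desc = False
            elif line.strip():
                cur["Description"].append(line.strip())
    complete = [r for r in records if "Date" in r and "Time" in r]
    for r in complete:
        r["When"] = datetime.strptime(f'{r["Date"]} {r["Time"]}', "%m/%d/%Y %I:%M:%S %p")
    return complete


def failed_drivers(record):
    """Driver names listed by a Service Control Manager 7026 event."""
    desc = record["Description"]
    if record.get("Event ID") != "7026" or not desc or not desc[0].endswith(LOAD_FAIL):
        return []
    return desc[1:]


def in_safe_mode(record, records, window=timedelta(minutes=2)):
    """Heuristic (assumption): a DCOM 'Safe Mode' error close in time marks a Safe Mode boot."""
    return any(
        r.get("Event Source") == "DCOM"
        and "Safe Mode" in " ".join(r["Description"])
        and abs(r["When"] - record["When"]) <= window
        for r in records)


def recurring_boot_failures(text):
    """Count, per driver, the normal-mode boots in which it failed to load."""
    records = parse_records(text)
    normal, safe_mode_events = Counter(), 0
    for rec in records:
        drivers = failed_drivers(rec)
        if not drivers:
            continue
        if in_safe_mode(rec, records):
            safe_mode_events += 1      # long driver lists are expected in Safe Mode
        else:
            normal.update(drivers)
    return dict(normal), safe_mode_events


def _rec(source, event_id, date, time, description):
    """Build one constructed record in the layout Event Viewer copies to the clipboard."""
    return (f"Event Type:\tError\nEvent Source:\t{source}\nEvent Category:\tNone\n"
            f"Event ID:\t{event_id}\nDate: {date}\nTime: {time}\nUser: N/A\n"
            f"Computer:\tEXAMPLE-PC\nDescription:\n{description}\n\n"
            "For more information, see Help and Support Center at "
            "http://go.microsoft.com/fwlink/events.asp.\n\n")


HEAD_7026 = "The following boot-start or system-start driver(s) failed to load: \n"
SCM = "Service Control Manager"
# Constructed sample records, modelled on the log layout posted in the thread.
SAMPLE = "".join([
    _rec(SCM, 7026, "7/7/2008", "10:22:40 AM", HEAD_7026 + "SASKUTIL"),
    _rec(SCM, 7026, "7/6/2008", "4:21:07 PM", HEAD_7026 + "SASKUTIL"),
    _rec(SCM, 7026, "7/5/2008", "4:25:27 PM", HEAD_7026 + "SASKUTIL"),
    _rec("DCOM", 10005, "7/5/2008", "4:11:29 PM",
         'DCOM got error "This service cannot be started in Safe Mode " '
         "attempting to start the service StiSvc"),
    _rec(SCM, 7026, "7/5/2008", "4:11:51 PM", HEAD_7026 + "AFD\nSASKUTIL\nTcpip"),
    _rec("Disk", 7, "7/6/2008", "12:07:34 AM",
         "The device, \\Device\\Harddisk5\\D, has a bad block.")
    + "Data:\n0000: 03 00 68 00 01 00 b6 00\n\n",
])

if __name__ == "__main__":
    counts, set_aside = recurring_boot_failures(SAMPLE)
    for driver, n in sorted(counts.items()):
        print(f"{driver}: failed to load on {n} normal boot(s)")
    print(f"{set_aside} Safe Mode boot event(s) set aside")
```

A driver that shows up on several normal boots is worth checking against the installed programs list before its service entry is removed.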



## perfect (Mar 11, 2008)

Hi! I did that. Now what do I do? Do you have anything for me to do?


----------



## Cookiegal (Aug 27, 2003)

You could go get a nice tall, cold glass of iced tea and sip it slowly.


----------



## perfect (Mar 11, 2008)

Yes, I could do that and try to relax but will I do that? I don't know!


----------



## Cookiegal (Aug 27, 2003)

The microphone issue is the only problem that remains, correct?


----------



## perfect (Mar 11, 2008)

Uhm, I haven't tried the DVD Burning problem. I hope it works. I will try that now.


----------



## Cookiegal (Aug 27, 2003)

OK, let us know.


----------



## perfect (Mar 11, 2008)

Okay, I will let you know.


----------



## perfect (Mar 11, 2008)

It doesn't work. I tried burning it and it doesn't work.


----------



## Cookiegal (Aug 27, 2003)

Right. Sorry, I forgot about the burner. Rollin' Rog might have some ideas on that as well.


----------



## perfect (Mar 11, 2008)

Hi! Rollin' Rog? Who is that? Or what is that?


----------



## Cookiegal (Aug 27, 2003)

He's the person I asked to help with this.


----------



## Rollin' Rog (Dec 9, 2000)

I don't see any problems in the error log that I think would affect the Sound Recorder, other than the possibility of corrupt files.

Can you do this:

1.	Click Start, and then click Run.
2.	In the Open box, type sndvol32.exe, and then click OK.
3.	Click Properties on the Options menu.
4.	In the Adjust volume for box, click Recording.
5.	Click OK.
6.	In the Microphone box, verify that the Select check box is selected.

All the properties listed on the Playback section of the Volume control are independent of the recording settings. So you could record through the microphone by selecting it on the recording section, and mute it on the playback section. Then, you could record sound, but wouldn't hear it through the speakers while you are recording.

>> Also in the Control Panel > Sounds And Audio Devices -- under both the Audio and Voice tabs, is your installed Sound Card device selected as the default recording device?

>> And also in the Control Panel do you have a "Speech" applet with an option to adjust the Microphone settings automatically? I find this the best method -- it comes with certain Office products, but is not a default option.

>> Could you summarize the problem with DVD burning if that is an issue too -- usually I find these things are due to hardware itself and means the drive needs to be replaced.

>> if general Performance (read "slow") issues are still present could you answer the questions below? (check item 6 in particular) >>

PERFORMANCE QUESTIONS:

0 > when did the problem seem to begin?
1 > is it very slow to boot up?
2 > do programs open slowly?
3 > does the same behavior occur both on and off the internet. Or with no connection at all?
4 > does it matter how long the system has been on, and does a restart improve things?

Slow performance issues can often be due to overheating, so if the system is faster after it has been shut down for a while and then restarted -- that would be especially suspect. To check for possible problems here, shut down, open the case and blow out any accumulated dust. Then turn it on and check to see that the fan is working. Sometimes it helps to physically clean the fan.

If a laptop, check to see that the vent is clear of dust and verify the fan is working. Temps and fan speed can usually be monitored with SpeedFan (except on Dell desktops), a free utility.

5 > if you do a ctrl-alt-del, do any processes show excess cpu usage, other than System Idle Process?

6 > If you open the Device Manager (run *devmgmt.msc*) and select the entry for IDE ATA/Atapi and select the Primary IDE > Advanced Settings, does it say the "_*current transfer mode*_" is Ultra DMA or PIO?

If it says PIO or even just DMA (rather than "ULTRA" DMA), first ensure "Use DMA if Available" is selected, then select the driver tab and uninstall the driver and reboot. Then check again.

*note that the above will not apply to RAID drive configurations.

Alternately you can run the script on this page >> http://winhlp.com/node/10

____________________________________________________________________________
COMMIT CHARGE

Do ctrl-alt-del to open up the task manager. Select the "performance" tab. Let me know what you see under:

*Physical Memory*

*Total:* this is your total installed ram -- "physical" memory
*Available:* this is the amt of real "physical" memory presently uncommitted

*Commit Charge*

*Total:* this is the combination of total physical and virtual memory currently in use
*Limit:* this is the total physical and virtual memory available
*Peak:* this is the most you have had in use in this session


----------



## perfect (Mar 11, 2008)

Hi! Thank you for helping me. First things first. I can't click recording because it is grayed out. Like This:










_>> Also in the Control Panel > Sounds And Audio Devices -- under both the Audio and Voice tabs, is your installed Sound Card device selected as the default recording device?_

Secondly, I don't know what my installed sound card is so I can't check if it is set as default.

_>> And also in the Control Panel do you have a "Speech" applet with an option to adjust the Microphone settings automatically? I find this the best method -- it comes with certain Office products, but is not a default option._

and Finally, I don't understand what you mean here because I do not see anything to adjust the Microphone settings automatically. I clicked "speech" in control panel but i do not see anything about changing it to automatically.


----------



## perfect (Mar 11, 2008)

Now To answer your performance questions.

*PERFORMANCE ANSWERS:*

0 > when did the problem seem to begin?
==> *If you are asking about the microphone, I am not sure but it was a long time ago. I never knew how to fix it so I just left it alone until I got a chance to ask someone. If you want to know about the DVD Burner, this problem started occurring about a week ago.*

1 > is it very slow to boot up?
==> *No, not really but I can't exactly tell what slow means in this case. I do believe that it might be slower than the ones that are on model in computer stores.*

2 > do programs open slowly?
==> *Yes, sometimes programs do open more slowly than usual, and sometimes really slowly. For example, when I open My Computer, I see that browsing thing before I see all the stuff.*

3 > does the same behavior occur both on and off the internet. Or with no connection at all?
==> *I am not sure because my internet is always connected so, I haven't tried it off internet.*

4 > does it matter how long the system has been on, and does a restart improve things?
==> *I am not exactly sure about this.*

5 > if you do a ctrl-alt-del, do any processes show excess cpu usage, other than System Idle Process?
==> *No, only System Idle Process.*

6 > If you open the Device Manager (run devmgmt.msc) and select the entry for IDE ATA/Atapi and select the Primary IDE > Advanced Settings, does it say the "current transfer mode" is Ultra DMA or PIO?
==> *It says Ultra DMA*


----------



## perfect (Mar 11, 2008)

*Physical Memory*

Total: *515376*
Available: *157380* _(changing)_
Total Cache: *221520* _(changing)_

*Commit Charge*

Total: *595640* _(changing)_
Limit: *1257740*
Peak: *658168*


----------



## perfect (Mar 11, 2008)

>> Could you summarize the problem with DVD burning if that is an issue too -- usually I find these things are due to hardware itself and means the drive needs to be replaced.

==> Okay, for the DVD Burning, I was trying to burn a video last week using WinDVD creator so I put in a blank DVD and then clicked burn and after a while it said DVD burnt successfully. When I went to check if the DVD works, it didn't. I put it in the drive and went to My Computer, it said that there are no files in the DVD. I tried burning it again in the same DVD and it didn't work and said "insert a new disc". I inserted a new disc and the same problem occurred as it said DVD burnt successfully and then said has 0 files in the DVD. I tried many different softwares to see if it works, but it doesn't work with anything.

I do not want to replace and get a new dvd burner. I hope there is a way I can fix this here.


----------



## Rollin' Rog (Dec 9, 2000)

It looks like you may need to reinstall your Sound Card drivers.

To determine what this is you can check the Device Manager under Sound, Video and Audio Controllers.

You can also run *dxdiag* and click on the Sound tab once it opens.

Let me know both the Sound Card model and the Computer model itself. It looks like Realtek -- but you will probably need to get them from the Computer Vendor's support site for your model -- or possibly the motherboard vendor.

As for the DVD issue -- have you tried another burning application?

For example you can try a simple freebie like "DeepBurner". The portable version is especially useful -- no installation required:

http://www.deepburner.com/index.php?r=download

>> Finally you may have a resource issue -- but this should not affect the Microphone. You are showing current and peak Memory usage values roughly equal to your installed ram.

Recommendation here would be to install additional ram -- you need at least 1 gb. You should also reduce the number of starting programs in msconfig > Startups.

You do not need any media players, burning startups or update checkers loading automatically, for example.


----------



## perfect (Mar 11, 2008)

Hi! I got my sound card information from device manager and it was Realtek.

Sound Card: *Realtek ALC 880 chipset*

Computer System: *HP Pavilion a1020n Desktop PC*

For more information on my computer, you can use the link below.
http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00303942&cc=us&lc=en&dlc=en&product=459880

As for the DVD, I am using the software you showed me and trying to burn from there. I will let you know how it goes.

I will try to get another ram and remove some start up programs.


----------



## perfect (Mar 11, 2008)

I burnt something using DeepBurner and it worked, but it is not the same, as it doesn't have a menu when I insert a disc to my DVD player. It basically loads a "file" into a DVD right? To be totally honest, I want to use my other softwares for burning but it doesn't work.
Is there a way I can get back to my other software to make it work? Thank You!


----------



## Rollin' Rog (Dec 9, 2000)

Ok, your Realtek driver update is available here:

http://h10025.www1.hp.com/ewfrf/wc/softwareList?os=228&lc=en&cc=us&dlc=en&product=459880

For an over the top update just follow the instructions on the download link -- that should work in most instances.

You may have to go back to the Control Panel Sounds and Audio Devices applet and check to see if the Microphone option is now available and/or you see a new "default" device option available in the selection list. Realtek should also have its own audio properties interface for these devices usually available from the system tray.

For the DVD problem -- the fact that Deepburner works means there is no hardware problem.

You will need to uninstall whatever DVD burning application you are currently using and try reinstalling it. You will also find that application on the downloads and drivers site for your HP model.

Correct me if this doesn't seem right, but I think it's the Intervideo WinDVD update under Software - Multimedia

You might want to create a System Restore point before beginning any of this.


----------



## perfect (Mar 11, 2008)

Hi! My microphone works now.

*THANK YOU SO MUCH!!*

One thing I do not get or didn't get all these years since I have been using a computer is how to create a system restore point and how to use that. Can you help me with that if you do not mind? I know I am asking for a lot but I am just new to all this "technical" stuff.

Can I download InterVideo WinDVD update without creating a system restore point?


----------



## Rollin' Rog (Dec 9, 2000)

Actually most installs that use the Microsoft installer will create a restore point as part of the install.

But I always create one manually anyway -- and this would be especially advisable now that your Mic is working (glad to hear that).

Just run *msconfig* and select > Launch System Restore. You will see an option to create a restore point there. Check it and click "next". Name it anything you like under "description".

By the way, save these updates in a safe location (safe from System Restore, for example). This would be any place in My Documents. I keep a separate folder for such setup downloads.

You may need to re-run one.


----------



## perfect (Mar 11, 2008)

Hi! 
MY DVD BURNER WORKS NOW! WOW! 

*THANK YOU SOOOOOOOOO MUCHH!!!!*

I AM SO HAPPYY! I do not know how to thank you enough! You are simply great.

I do not think I have any more problems with my computer right now, unless you tell me that I do. 

Thank you once again, Rollin' rog!

-----------------------------------------------------------------------------------------
*Thank You Cookiegal.*
You are the best!

Thank you for fixing all my computer problems and replying to all my problems. I am sorry for loading you with a million different problems and you solved all of them. (I think, unless there are still any more left!). Thank you for sending Rollin' Rog to help me with my DVD Burner problem and Microphone problem. I can't thank you enough either.

Are you sure my computer is completely fixed? Are you sure you do not have anything for me to do?  I can't believe it! It is great. (By the way, I hope you are reading this. )

Once again *THANK YOU SOOO MUCHH!!!*

BY THE WAY, THIS IS MY 150th POST ON THIS FORUM!


----------



## Cookiegal (Aug 27, 2003)

I knew Rog would get you fixed up with those problems. A big thanks to Rog from me too. :up:

For my part, you are quite welcome. Some of these battles are more challenging than others but I never like to let the bad guys win. 

Now, I would like to see one final HijackThis log please so I can see if everything looks good and then I'll post some final instructions for you to help keep your computer clean in the future.


----------



## Rollin' Rog (Dec 9, 2000)

Hey that's great to hear, and y'all are most welcome!


----------

