Please Help!!!!!!!!!!!!!
I am hoping that you are able to help clean up my son's computer.
His computer is running so slow. Have tried running programmes like Ad Aware and they start out running ok and get halfway through the scan until it says it is scanning internally and then the programme just comes to a complete halt and won't complete. It says that there are 225 problems but unable to fix them.
When a browser is opened all sorts of odd pop ups also open at the same time. You seem to need to double click everything twice before it will open.
We would appreciate any help.
Thanks in advance.
This discussion has been closed.
Comments
My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.
Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.
If you follow these instructions, everything should go smoothly.
:install hijackthis:
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.
Gringo
Thank you so much for your response.
Here are the Hijack This logs that you have requested.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:18 PM, on 6/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NavigationEnhancer - {391C0909-C026-3B63-FFDB-93FFF4E81675} - C:\Program Files\NavigationEnhancer\NavigationEnhancer-4.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [MDNS] C:\WINDOWS\system32\service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5437 bytes
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Reader 8.1.1
AVG 7.5
Brother HL-2040
Canon CanoCraft CS-P 3.7
Canon ScanGear Toolbox CS
CleanUp!
C-Media WDM Audio Driver
Eureka's 1000 Games
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Java(TM) 6 Update 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
MSXML 6.0 Parser (KB933579)
NavigationEnhancer
NETGEAR WG311v3 PCI Adapter
Picasa 2
PSP Video 9 2.25
QuickTime
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Ulead Photo Express 2.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Video Piggy
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Please let me know if there is any other information that you require from me.
Thanks.
Shaz
:disable Ad-Aware 2007:
First please disable Ad-Aware 2007 as it may interfere with repairs.
:run combofix:
Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix
Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall
:information and logs:
In your next post I need the following
1. log from combofix
2. new log from hijackthis
Gringo
: three day bump :
It has been three days since my last post.
Gringo
Thanks for your help. Sorry that I haven't been able to respond any sooner but I have had internet access issues and have just got internet access back this morning.
Here are the two log files that you have requested.
ComboFix 08-05-11.1 - Boss 2008-05-12 7:52:17.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.170 [GMT 10:00]
Running from: C:\Documents and Settings\Boss\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-11 to 2008-05-11 )))))))))))))))))))))))))))))))
.
2008-05-06 19:38 . 2008-05-06 19:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 18:12 . 2008-05-04 18:12 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-04 11:40 . 2008-05-04 11:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-04 11:39 . 2008-05-04 11:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 14:56 . 2008-05-04 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 17:15 . 2008-04-28 17:15 12,297,167 --------- C:\avg7qt.dat
2008-04-21 16:45 . 2008-05-05 12:39 <DIR> d-------- C:\Program Files\NavigationTool
2008-04-15 21:06 . 2008-04-15 21:06 <DIR> d-------- C:\Program Files\Red Kawa
2008-04-11 21:46 . 2008-04-11 21:46 32,353 --a------ C:\WINDOWS\SGTBox.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 21:43 --------- d-----w C:\Program Files\NavigationEnhancer
2008-05-11 21:42 --------- d-----w C:\Documents and Settings\Boss\Application Data\AVG7
2008-05-04 08:05 --------- d-----w C:\Program Files\LimeWire
2008-05-04 08:00 --------- d-----w C:\Documents and Settings\Boss\Application Data\LimeWire
2008-05-02 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 04:39 --------- d-----w C:\Program Files\Google
2008-04-21 06:47 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-04-07 08:12 --------- d-----w C:\Program Files\Picasa2
2008-04-01 10:39 --------- d-----w C:\Program Files\Java
2008-04-01 10:35 --------- d-----w C:\Program Files\Common Files\Java
2008-03-27 13:45 --------- d-----r C:\Documents and Settings\Boss\Application Data\Brother
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-14 06:05 385,024 ----a-w C:\WINDOWS\system32\WinNB55.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-03-15 04:19 212,992 ------w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 07:55 280,576 ------w C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 05:17 280,576 ------w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391C0909-C026-3B63-FFDB-93FFF4E81675}]
2007-12-31 06:48 1019904 --a------ C:\Program Files\NavigationEnhancer\NavigationEnhancer-4.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 19:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SiSPower"="SiSPower.dll" [2007-10-03 15:58 53248 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:37 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"MDNS"="C:\WINDOWS\system32\service.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 09:33 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56 65588]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 17:55:04 1486848]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2008-01-22 13:43:38 55296]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [1999-05-21 01:00]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 07:55:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 7:57:33
ComboFix-quarantined-files.txt 2008-05-11 21:57:28
Pre-Run: 8,668,536,832 bytes free
Post-Run: 8,660,590,592 bytes free
91 --- E O F --- 2008-04-14 12:51:01
If you could help with the issue of multi browser windows opening each time I open a browser and pop ups opening whenever they desire I would be most grateful.
Thanks for your help.
: Recovery Console :
We need to install the Recovery Console on this computer.
This is very important; it could save you later.
Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System
the one for you is Windows XP Service Pack 2 (SP2)
Download the file & save it as it's originally named, next to ComboFix.exe.
Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.
:P2P Warning!:
IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
LimeWire
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
References for the risk of these programs can be found in these links:
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
http://www.techweb.com/wire/160500554
http://www.internetworldstats.com/articles/art053.htm
I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.
:uninstall some programs:
1. Click on Start
2. Then go to Settings
3. After that you need Control Panel
4. Look for the icon Add Remove Programs
Click on the following programs:
NavigationEnhancer
and click on Remove
:Run CFScript:
Open Notepad and copy/paste the text in the box into the window:
Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
:information and logs:
In your next post I need the following
1. the two logs from combofix
2. new log from hijackthis (last post you sent me the same combofix log twice)
Gringo
Sorry for posting the wrong log earlier. I had them both open on the task bar and obviously posted the same one twice. Here are my new logs.
ComboFix 08-05-11.1 - Boss 2008-05-12 21:51:14.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.134 [GMT 10:00]
Running from: C:\Documents and Settings\Boss\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Boss\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-06 19:38 . 2008-05-06 19:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-04 18:12 . 2008-05-04 18:12 <DIR> d-------- C:\Program Files\CleanUp!
2008-05-04 11:40 . 2008-05-04 11:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-04 11:39 . 2008-05-04 11:39 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 14:56 . 2008-05-04 11:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 17:15 . 2008-04-28 17:15 12,297,167 --------- C:\avg7qt.dat
2008-04-21 16:45 . 2008-05-05 12:39 <DIR> d-------- C:\Program Files\NavigationTool
2008-04-15 21:06 . 2008-04-15 21:06 <DIR> d-------- C:\Program Files\Red Kawa
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 11:03 --------- d-----w C:\Program Files\NavigationEnhancer
2008-05-12 10:56 --------- d-----w C:\Documents and Settings\Boss\Application Data\AVG7
2008-05-04 08:05 --------- d-----w C:\Program Files\LimeWire
2008-05-04 08:00 --------- d-----w C:\Documents and Settings\Boss\Application Data\LimeWire
2008-05-02 04:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 04:39 --------- d-----w C:\Program Files\Google
2008-04-21 06:47 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-04-07 08:12 --------- d-----w C:\Program Files\Picasa2
2008-04-01 10:39 --------- d-----w C:\Program Files\Java
2008-04-01 10:35 --------- d-----w C:\Program Files\Common Files\Java
2008-03-27 13:45 --------- d-----r C:\Documents and Settings\Boss\Application Data\Brother
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-14 06:05 385,024 ----a-w C:\WINDOWS\system32\WinNB55.dll
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-03-15 04:19 212,992 ------w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 07:55 280,576 ------w C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 05:17 280,576 ------w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-12_ 7.57.18.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 21:41:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 06:25:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{391C0909-C026-3B63-FFDB-93FFF4E81675}]
2007-12-31 06:48 1019904 --a------ C:\Program Files\NavigationEnhancer\NavigationEnhancer-4.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 19:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SiSPower"="SiSPower.dll" [2007-10-03 15:58 53248 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:37 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"MDNS"="C:\WINDOWS\system32\service.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 09:33 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56 65588]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 17:55:04 1486848]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2008-01-22 13:43:38 55296]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [1999-05-21 01:00]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 21:53:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 21:54:44
ComboFix-quarantined-files.txt 2008-05-12 11:54:37
ComboFix2.txt 2008-05-11 21:57:34
Pre-Run: 9,018,957,824 bytes free
Post-Run: 8,995,475,456 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
102 --- E O F --- 2008-04-14 12:51:01
ComboFix 08-05-11.1 - 2008-05-12 22:06:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.112 [GMT 10:00]
Running from: C:\Documents and Settings\Boss\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Boss\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\system32\service.exe
C:\WINDOWS\system32\WinNB55.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\NavigationTool
C:\Program Files\NavigationTool\NavigationTool.dat
C:\Program Files\NavigationTool\pcre3.dll
C:\Program Files\NavigationTool\uninstall.exe
C:\WINDOWS\system32\WinNB55.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-06 19:38 . 2008-05-06 19:38 <DIR> d
C:\Program Files\Trend Micro
2008-05-04 18:12 . 2008-05-04 18:12 <DIR> d
C:\Program Files\CleanUp!
2008-05-04 11:40 . 2008-05-04 11:40 <DIR> d
C:\Program Files\Lavasoft
2008-05-04 11:39 . 2008-05-04 11:39 <DIR> d
C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 14:56 . 2008-05-04 11:40 <DIR> d
C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-28 17:15 . 2008-04-28 17:15 12,297,167
C:\avg7qt.dat
2008-04-15 21:06 . 2008-04-15 21:06 <DIR> d
C:\Program Files\Red Kawa
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 10:56
d
w C:\Documents and Settings\Boss\Application Data\AVG7
2008-05-04 08:00
d
w C:\Documents and Settings\Boss\Application Data\LimeWire
2008-05-02 04:39
d--h--w C:\Program Files\InstallShield Installation Information
2008-05-02 04:39
d
w C:\Program Files\Google
2008-04-21 06:47
d
w C:\Program Files\FBrowserAdvisor
2008-04-07 08:12
d
w C:\Program Files\Picasa2
2008-04-01 10:39
d
w C:\Program Files\Java
2008-04-01 10:35
d
w C:\Program Files\Common Files\Java
2008-03-27 13:45
d
r C:\Documents and Settings\Boss\Application Data\Brother
2008-03-19 09:47 1,845,248
w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2006-03-15 04:19 212,992
w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-26 07:55 280,576
w C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 05:17 280,576
w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-12_ 7.57.18.01 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-11 21:41:39 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 06:25:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 12:08:16 53,248 ----a-w C:\WINDOWS\TEMP\catchme.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 19:44 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SiSPower"="SiSPower.dll" [2007-10-03 15:58 53248 C:\WINDOWS\system32\SiSPower.dll]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51 25088]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:37 579584]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-24 09:33 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 06:05:56 65588]
NETGEAR WG311v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe [2006-01-26 17:55:04 1486848]
Photo Express Calendar Checker SE.lnk - C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe [2008-01-22 13:43:38 55296]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
R2 ScFBPNT2;CanoScan FBP2 Port Driver;C:\WINDOWS\system32\drivers\ScFBPNT2.SYS [1999-05-21 01:00]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 22:08:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 22:09:48
ComboFix-quarantined-files.txt 2008-05-12 12:09:40
ComboFix2.txt 2008-05-12 11:54:45
ComboFix3.txt 2008-05-11 21:57:34
Pre-Run: 8,993,153,024 bytes free
Post-Run: 8,984,059,904 bytes free
99 --- E O F --- 2008-04-14 12:51:01
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:54 PM, on 12/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5140 bytes
A friend of my son's installed MSN and Limewire on to his computer. I have tried to uninstall both. Limewire does not appear on add/remove programs list and I have deleted the Limewire folder in Program files. Is there anything else I need to do to be assured that all traces of Limewire are completely removed from his computer? Also can you tell me how to be sure that I can completely remove all trace of MSN from his system as well?
Thanks for your help. It is much appreciated.
The only thing I find is this folder, C:\Documents and Settings\Boss\Application Data\LimeWire; you can delete it if you wish.
: Malwarebytes' Anti-Malware :
Please download Malwarebytes' Anti-Malware to your desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to
  - Update Malwarebytes' Anti-Malware
  - and Launch Malwarebytes' Anti-Malware
- then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
- When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
:Run Kaspersky Online AV Scanner:
In order to use it you have to use Internet Explorer. Go to Kaspersky and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer"
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply.
:information and logs:
In your next post I need the following
1. log from Malwarebytes
2. log from Kaspersky
Gringo
Sorry for the delay in replying but have had a lot of trouble trying to get the Kaspersky scan to run and complete. Finally managed it so will have to post the logged results in two different posts as it is too long for one.
Here is the first log.
Malwarebytes' Anti-Malware 1.12
Database version: 743
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 169233
Time elapsed: 1 hour(s), 10 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boss\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Files Infected:
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CB8098B-9A1B-48E0-B341-B1FBD8EB4441}\RP110\A0035167.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CB8098B-9A1B-48E0-B341-B1FBD8EB4441}\RP116\A0038441.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CB8098B-9A1B-48E0-B341-B1FBD8EB4441}\RP119\A0040514.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CB8098B-9A1B-48E0-B341-B1FBD8EB4441}\RP124\A0040653.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1CB8098B-9A1B-48E0-B341-B1FBD8EB4441}\RP129\A0040725.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Boss\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
please send it in two posts
gringo
The file is 2.6MB in size so is there any other way I can send this log to you rather than trying to keep cutting and pasting the different sections as it is always way over the text limit?
you can go here and upload the file then send me the download link in this thread.
http://rapidshare.com/
Gringo
I have uploaded the file to RapidShare as you requested and here is the link....
Kaspersky
Please let me know if that is all you require.
Thanks.
Sorry for taking so long, they are trying to kill me at work.
:Delete files and folders:
I need you to right click on the start button, click on explore, and navigate to and delete these files or folders (if present):
C:\Documents and Settings\Boss\Desktop\Games\FlashPlayer Games\Linerider1.3B.exe <=== this file
:Clean temp files:
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.
Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
:information and logs:
In your next post I need the following
1. let me know how the computer is doing now please
2. let me have a new hijackthis log
Gringo
Thanks to your help our computer is now running much more smoothly. The annoying multi browser windows opening and annoying pop ups seem to have stopped.
Can you tell me what this error message that I get every time I open Windows means and what I need to do to fix the problem?
RUNDLL
Error loading cmicnfg.cpl
The specified module could not be found
Here is the latest hijackthis log.....
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:45 PM, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/ocis/SiSAutodetectNT.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--
End of file - 5357 bytes
Thanks.
That error comes from a file missing. The file that it says is missing is from your sound.
First I would uninstall this: C-Media WDM Audio Driver
:uninstall some programs:
1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs
C-Media WDM Audio Driver
and click on remove
Then you would need to do this
:Remove bad HijackThis entries:
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
Now, after you have done those steps, if you still have sound then we are doing good; if you do not have sound then go here and download the drivers
http://www.opendrivers.com/driver/211127/c-media-cmi8738-cmi8338-sound-wdm-driver-5.12.01.0639-windows-xp-free-download.html
the one I think you would need is C-Media CMI8788 HD Audio Driver 5.12.01.0008 Windows 2000/XP
Let me know if this fixed the problem so we can finish up here
Gringo
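The startup error discussed above traces back to a Run entry whose target file is gone. As an added example (not part of the original thread and not code from ComboFix), this sketch parses "Reg Loading Points" lines quoted from the thread's first ComboFix log, flags entries whose bracketed file details are empty, and lists entries absent from a later run. It assumes an empty `[]` means the tool found no file details for the target; the function names are hypothetical.

```python
import re

# Section headers such as [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
# Value lines: "name"="target" [file details]
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# File details: date, time, size in bytes, optional resolved path
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}) (\d+)(?: (.+))?$')

# Subset of lines copied from the first ComboFix log in this thread.
FIRST_RUN = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"SiSPower"="SiSPower.dll" [2007-10-03 15:58 53248 C:\WINDOWS\system32\SiSPower.dll]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 19:37 579584]
"MDNS"="C:\WINDOWS\system32\service.exe" [ ]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
'''

# Constructed second run: the same subset without the MDNS value, which no
# longer appears in the thread's second ComboFix log.
SECOND_RUN = "\n".join(
    line for line in FIRST_RUN.splitlines() if not line.startswith('"MDNS"')
)


def parse_loading_points(text):
    """Return one dict per "name"="target" [details] line, tagged with its key."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        value = VAL_RE.match(line)
        if not value or key is None:
            continue  # firewall-list lines and separators carry no bracket
        meta = META_RE.match(value.group("meta").strip())
        entries.append({
            "key": key,
            "name": value.group("name"),
            "target": value.group("target"),
            "meta": meta.groups()[:3] if meta else None,
            "resolved": meta.group(4) if meta else None,
        })
    return entries


def unresolved(entries):
    """Entries with an empty bracket (assumption: target file was not found)."""
    return [(e["key"], e["name"], e["target"]) for e in entries if e["meta"] is None]


def removed_between(before, after):
    """(key, name) pairs present in the earlier run and absent from the later one."""
    seen = {(e["key"], e["name"]) for e in after}
    return [(e["key"], e["name"]) for e in before if (e["key"], e["name"]) not in seen]


if __name__ == "__main__":
    first = parse_loading_points(FIRST_RUN)
    second = parse_loading_points(SECOND_RUN)
    for key, name, target in unresolved(first):
        print(f"no file details: {name} -> {target}  ({key})")
    for key, name in removed_between(first, second):
        print(f"gone in later run: {name}  ({key})")
```

An entry flagged here is only a lead: it can be a leftover from an uninstalled driver, as with Cmaudio in this thread, so check the target before removing the value.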
Thanks for that. The error message has now disappeared so that is all good. However there is now this error message showing up.....
Cal.Check.exe - Application Error
The application failed to initialize properly (OXc0000142) Click on OK to terminate the application.
Can you please help me fix this error.
Thanks so much.
:disable Ad-Aware 2007:
First please disable Ad-Aware 2007 as it may interfere with repairs.
:Remove bad HijackThis entries:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
- Close all open windows and browsers/email, etc...
- Click on the "Fix Checked" button
- When completed, close the application.
:uninstall some programs:
1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add remove programs
click on the following programs
Java(TM) 6 Update 4
and click on remove
Please reboot the computer now
: Update Java :
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.
reboot the computer again
:information and logs:
In your next post I need the following
1. let me have a new log from hijackthis please
2. how are things now?
Gringo
: three day bump :
It has been three days since my last post.
Gringo
As this topic looks to be resolved This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead