Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Audio Problems and hijack this report

Re: Audio Problems and hijack this report

Post by chuck7497 » November 20th, 2009, 4:34 pm

This scan was a scheduled scan taken a few days later.

"Scan ""Scheduled scan"" was finished."
"Infections";"3";"3";"0"
"Spyware";"2";"2";"0"
"Warnings";"34";"0";"34"
"Folders selected for scanning:";"Scan whole computer"
"Scan started:";"Wednesday, November 18, 2009, 12:11:17 PM"
"Scan finished:";"Wednesday, November 18, 2009, 1:40:14 PM (1 hour(s) 28 minute(s) 57 second(s))"
"Total object scanned:";"482587"
"User who launched the scan:";"SYSTEM"

"Infections"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP68\A0011370.exe:\$JK\apa:\$JJ\$KI.dll";"Trojan horse Adload_r.JX";"Moved to Virus Vault"
"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP68\A0011370.exe:\$JK\apa";"Trojan horse Adload_r.JX";"Moved to Virus Vault"
"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP68\A0011370.exe";"Trojan horse Adload_r.JX";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP67\A0010530.exe:\$JF\PPCToolbar.dll";"Adware Generic2.ABZP";"Moved to Virus Vault"
"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP67\A0010530.exe";"Adware Generic2.ABZP";"Moved to Virus Vault"

"Warnings"
"File";"Infection";"Result"
chuck7497
Regular Member
 
Posts: 20
Joined: November 6th, 2009, 4:38 pm

Re: Audio Problems and hijack this report

Post by hottroc » November 23rd, 2009, 5:28 pm

Hi, sorry about the long delay, those logs took some time.



First, uninstall the My Web Search option from Add/Remove Programs

1) Click on Start, Settings, Control Panel

2) Double click on Add/Remove Programs

3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

My Web Search (Smiley Central or FWP product as applicable)
My Way Speedbar (Smiley Central or other FWP as applicable)
My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
Search Assistant - My Way

Select the Ask Toolbar while you are there to remove that too in the same way.

4) Reboot your Computer


Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O3 - HKU\S-1-5-21-117609710-884357618-725345543-1004\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O4 - Startup: C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe File not found
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
    "C:\Program Files\Driver Updater\driverupdater.exe" = C:\Program Files\Driver Updater\driverupdater.exe:*:Enabled:Driver Updater -- File not found
    "C:\Program Files\Driver Updater\updater.exe" = C:\Program Files\Driver Updater\updater.exe:*:Enabled:Driver Updater Version Check -- File not found
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2D6E5D55
    
    
    
  • Then paste into the Custom Fixes box at the bottom and click the Run Fix button at the top.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTL and post the log.


Next please open this file using Notepad and Copy/Paste the contents into your next reply for evaluation... H:\Autorun.inf


Can you tell me if you recognise this file....

C:\Documents and Settings\Chuck\My Documents\leedsklanin.rtf ?



Also if they are still present please delete these folders....

C:\Documents and Settings\Chuck\My Documents\LimeWire
C:\Documents and Settings\Chuck\Application Data\LimeWire
C:\Documents and Settings\Chuck\Local Settings\Application Data\AskToolbar
C:\Program Files\Ask.com



******* USBNoRisk *******
- download USBNoRisk to your Desktop and run it by double-clicking the program's icon
- wait a couple of seconds for initial scan to be done
- connect all of the USB storage devices to the PC, one at a time, and keep each one connected at least for 10 seconds
- if there are more USB storage devices to scan, please take a note about the order in which these were connected
- after all the devices are scanned, choose "Save log" option from right-click menu on Monitor tab. That will open the log in Notepad. Please copy/paste the log to forum

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.



Also, how is your machine performing now?

Also I need to make you aware that the log indicates the possibility of potential hard disk failure. This means it is essential you immediately back up anything you need to keep to a separate drive.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Audio Problems and hijack this report

Post by chuck7497 » November 24th, 2009, 1:08 pm

Deleted folder and files requested (LimeWire and Ask).
Was unable to find any evidence of My Web Search: it's not in Add/Remove Programs and nothing came up in a Windows Explorer search. Do you have a directory I can track down and delete?

The machine performs well; it's prone to getting laggy if I have too much open.
There is still no sound.
Hard drive failure sounds rather ominous. I will try and find an adaptor; I have several EIDE drives but this PC is SATA.

H:/autorun.inf file requested

[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480

C:\Documents and Settings\Chuck\My Documents\leedsklanin.rtf
Is a rich text file I downloaded; it's a document file containing scientific writings. It's not vital and can be deleted if need be.






OTL report

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-117609710-884357618-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
File move failed. C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk scheduled to be moved on reboot.
ADS C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:2D6E5D55 deleted successfully.

OTL by OldTimer - Version 3.1.5.0 log created on 11242009_114853

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup\LimeWire On Startup.lnk not found!

Registry entries deleted on Reboot...







USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11/24/2009 11:59:19 AM

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
C: {da050dc3-c23e-11de-a437-806d6172696f}
H: {da050dc4-c23e-11de-a437-806d6172696f}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for da050dc3-c23e-11de-a437-806d6172696f
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on H:
autorun.inf found on H:
----------------------------------------
File H:\autorun.inf renamed successfully

Content of H:\autorun.inf.blocked
----------------------------------------
[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
----------------------------------------

No mountpoint found for H:
No mountpoint found for da050dc4-c23e-11de-a437-806d6172696f
----------------------------------------
Desktop.ini found at H:\cmdcons\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\MiniNT\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\PRELOAD\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\I386\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\HP\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\TOOLS\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\RECOVERY\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------
Desktop.ini found at H:\Recycled\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
----------------------------------------
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},InfoTip = @%SystemRoot%\system32\SHELL32.dll,-22915
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},IntroText = @%SystemRoot%\system32\SHELL32.dll,-31748
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E},LocalizedString = @%SystemRoot%\system32\SHELL32.dll,-8964
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,@ = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Empty = %SystemRoot%\System32\shell32.dll,31
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\DefaultIcon,Full = %SystemRoot%\System32\shell32.dll,32
HKLM\Software\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\InProcServer32,@ = shell32.dll
----------------------------------------
Desktop.ini found at H:\ contains interesting CLSID string
----------------------------------------
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}

[ShellvRTF]
RTFPath="protect.ed"
----------------------------------------
CLSID not found in registry
----------------------------------------

========================================
Initial scan finished!
========================================

Re: Audio Problems and hijack this report

Post by hottroc » November 27th, 2009, 6:50 pm

Sorry again for the delay.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re: Audio Problems and hijack this report

Post by chuck7497 » November 29th, 2009, 8:57 pm

Scan started. I already have Malwarebytes Anti-Malware installed; did you want me to remove it and reinstall, or just perform another scan? Because all I did was start another scan following the directions from the select all drives part.

Re: Audio Problems and hijack this report

Post by chuck7497 » November 29th, 2009, 11:25 pm

results of malware scan

Malwarebytes' Anti-Malware 1.41
Database version: 3181
Windows 5.1.2600 Service Pack 2

11/29/2009 10:19:10 PM
mbam-log-2009-11-29 (22-19-10).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 416323
Time elapsed: 2 hour(s), 22 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Smart-Ads-Solutions (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.0.27.0 (Adware.SmartAds) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Smart-Ads-Solutions\SmartAds\1.0.27.0\uninstall.exe (Adware.SmartAds) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\cd1041ae-9aad-4f3a-8018-864df08fccb4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

Re: Audio Problems and hijack this report

Post by hottroc » November 30th, 2009, 7:05 pm

That is fine thanks.




-----------------------------------------------------------
Online Virus Scan


Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. You will be prompted to install an application from Kaspersky. Click Run.
  3. It will start downloading and installing the scanner and virus definitions.
  4. When the downloads have finished, click on Settings.
  5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives and Mail bases

  6. Click on My Computer under Scan.
  7. Go and make a cup of tea; it could be some time.
  8. Once the scan is complete, it will display the results. Click on View Scan Report.
  9. You will see a list of infected items there. Click on Save Report As....
  10. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  11. Please post this log in your next reply along with a fresh HijackThis log.


Also please advise how your computer is behaving now?

Re: Audio Problems and hijack this report

Post by chuck7497 » December 1st, 2009, 9:15 am

Operationally it seems OK. I play online games and it handles that alright, keep the settings low. Sometimes the windows will take a while to load heavy content pages and freeze up. Still no sound.
Unknown PCI device appears after startup; it tries to find the driver but can't find it.


Hijack report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:18:24 PM, on 11/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TweakNow PowerPack 2009\CDAuto.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2009\CDAuto.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [20090604] C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.exe /r "C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.rpd"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/be ... dtwist.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 9101 bytes








Kaspersky report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, December 1, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, December 01, 2009 02:02:22
Records in database: 3316780
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 272017
Threats found: 7
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 05:48:21


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44960018.exe Infected: Trojan-Downloader.NSIS.Agent.bk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44960018.exe Infected: not-a-virus:AdWare.Win32.Agent.oma 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44960018.exe Infected: Trojan-Downloader.Win32.Zlob.bjhe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44960018.exe Infected: Trojan-Downloader.Win32.Zlob.bgzo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44960018.exe Infected: Trojan-Downloader.Win32.Zlob.bfea 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44960018.exe Infected: Trojan-Downloader.Win32.Zlob.bfeb 1
C:\hp\bin\wbug\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
H:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1
H:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1

Selected area has been scanned.
chuck7497
Regular Member
 
Posts: 20
Joined: November 6th, 2009, 4:38 pm

Re: Audio Problems and hijack this report

Post by hottroc » December 2nd, 2009, 1:50 pm

Hi again, is this....

C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.exe

....a game or program you have knowingly installed? I don't recognise it and wondered if you did?
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Audio Problems and hijack this report

Post by chuck7497 » December 3rd, 2009, 11:54 am

Yes, that is a game my wife installed that she bought on a Black Friday sale. It's a slot machine simulator. I also got Far Cry 2 but it's really really laggy to the point where it's unplayable. Would getting a sound card solve this problem, or would whatever is stopping the sound also affect a new card?
chuck7497
Regular Member
 
Posts: 20
Joined: November 6th, 2009, 4:38 pm

Re: Audio Problems and hijack this report

Post by hottroc » December 3rd, 2009, 4:45 pm

Hi, thanks for the info and for sticking with this. My priority is to check and remove any malware (viruses, trojans etc) then if you still have problems I will refer you to somebody more suited to solving non-malware-related problems such as hardware or drivers. Please continue with these instructions.


-----------------------------------------------------------
Fix with HJT

Open up Hijackthis.
Click on Do a system scan only.
Place a checkmark next to these lines (if still present).

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


Then close all windows except Hijackthis and click Fix Checked.
Close HijackThis.



-----------------------------------------------------------
Delete the bad files

Please open My Computer and double-click your Local Drive C: drive icon. Delete these files/folders by right-clicking them and choosing Delete from the shortcut menu:

  • C:\hp\bin\wbug\ (the whole folder in red)
  • H:\I386\APPS\APP17392\src\CompaqPresario_Spring06.exe
  • H:\I386\APPS\APP17392\src\HPPavillion_Spring06.exe


Then I'll have another log to check ...

-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Audio Problems and hijack this report

Post by chuck7497 » December 4th, 2009, 8:39 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:32 PM, on 12/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\TweakNow PowerPack 2009\CDAuto.exe
C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CD Autorun] C:\Program Files\TweakNow PowerPack 2009\CDAuto.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chuck\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [20090604] C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.exe /r "C:\Program Files\Common Files\Datalode\Encore\Hoyle Slots 2010\encore_reg.rpd"
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/sh ... Loader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} (BejeweledTwist Control) - http://www.worldwinner.com/games/v51/be ... dtwist.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8134 bytes
chuck7497
Regular Member
 
Posts: 20
Joined: November 6th, 2009, 4:38 pm
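The helper's next step is to compare this log with the earlier one and confirm that the two `(no file)` entries are gone. The sketch below is an added example, not part of the thread or of HijackThis itself; the function names are hypothetical and the sample lines are excerpts copied from the two logs posted here.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code kind detail raw")

# Entry lines start with a section code (R0, O2, O4, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpts of the two logs in this thread (before and after "Fix Checked").
BEFORE = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
"""
AFTER = r"""
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
"""

def parse_hjt(text):
    """Return the entry lines of a log; headers and process paths are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        kind, sep, detail = m.group(2).partition(": ")
        if not sep:  # R-lines have no "Kind: " prefix
            kind, detail = "", m.group(2)
        entries.append(Entry(m.group(1), kind, detail, line))
    return entries

def is_orphan(entry):
    """A registry entry whose target file no longer exists on disk."""
    return entry.detail.endswith("(no file)")

def orphaned(entries):
    """Group orphaned entries by CLSID so related O2/O3 lines appear together."""
    groups = {}
    for e in entries:
        if is_orphan(e):
            m = CLSID_RE.search(e.detail)
            key = m.group(0).upper() if m else e.raw
            groups.setdefault(key, []).append(e.code)
    return groups

def removed_between(before, after):
    """Entries present in the first log but absent from the second."""
    after_raw = {e.raw for e in after}
    return [e for e in before if e.raw not in after_raw]

def unfixed(before, after):
    """Orphaned entries from the first log that are still in the second."""
    after_raw = {e.raw for e in after}
    return [e for e in before if is_orphan(e) and e.raw in after_raw]

if __name__ == "__main__":
    b, a = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("orphaned:", orphaned(b))
    for e in removed_between(b, a):
        print("removed:", e.raw)
    print("still present:", unfixed(b, a))
```

Grouping by CLSID shows that the O2 and O3 lines are the same leftover component, and the diff also surfaces changes nobody asked for, such as the `KernelFaultCheck` Run entry that appears only in the first log.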

Re: Audio Problems and hijack this report

Post by hottroc » December 9th, 2009, 9:06 am

Sorry for the delay, be with you soon.
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Audio Problems and hijack this report

Post by hottroc » December 9th, 2009, 12:44 pm

Hi, well the good news is your log appears CLEAN. I'll give you a little prevention advice to try to keep it that way and then we'll come back to your problems at the end...

First we need to reset your Restore Points which may also have been infected.

Note: This will remove all previous Restore Points

***Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

***Turn System Restore back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the check from Turn off System Restore.
Click Apply, and then click OK.

Click Start.... My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab
This time select the: Restore Defaults
Select: Apply, and click OK

Now please delete the OTL program as this will no longer be needed. You may wish to keep the Malwarebytes on your system but otherwise you can Uninstall it using Add/Remove Programs.

If you don't have these programs I would recommend that you get them.
Spywareblaster <http://www.javacoolsoftware.com/spywareblaster.html>,
WinPatrol <http://www.winpatrol.com> They will add 1000's of sites to your restricted zone, blocking some hijacks from happening, and inform you of any unauthorized system changes.

It is critical to have both a firewall and anti virus to protect your system at all times and I see you have followed my earlier advice on this but I will also advise to check for updates regularly, at least once a week if poss.

Keep your system up to date also at Windows Update and run Spybot, once a week, available from http://www.spybot.com.

Update Non-Microsoft Programs
Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


I also recommend some further reading - How to prevent Malware by Miekiemoes (one of the best helpers around) at http://users.telenet.be/bluepatchy/miekiemoes/prevention.html




Now back to your problems. As there is no malware on your system then any remaining problems are probably something to do with hardware or related drivers, especially common with audio issues. There are people better qualified to deal with issues like these and the place I can recommend is http://www.whatthetech.com and someone there will be able to help you if you give them the details of your problems. Be sure to mention that you have had your system checked for malware at http://www.malwareremoval.com and certified clean. You can point them to this topic here if you wish.

Best of luck.

Regards,
hottroc
Regular Member
 
Posts: 793
Joined: January 30th, 2008, 6:38 am

Re: Audio Problems and hijack this report

Post by chuck7497 » December 9th, 2009, 7:59 pm

All right then, I have posted at the new website. I await their answer to my problem. Thanks for your help.
I downloaded the software you suggested. I read in the new people posts about P2P transfers. One last question: is there a safe way to BitTorrent? Or is none of it safe?
chuck7497
Regular Member
 
Posts: 20
Joined: November 6th, 2009, 4:38 pm