1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My Bookoncd will not run anymore

Discussion in 'Virus & Other Malware Removal' started by PhilipBA, Apr 6, 2010.

Thread Status:
Not open for further replies.
Advertisement
  1. PhilipBA

    PhilipBA Thread Starter

    Joined:
    Apr 6, 2010
    Messages:
    1
    My Bookoncd will not run anymore cd is not scratched it still works on other computers here is the error: AppName: bookoncd.exe AppVer: 1.52.0.0 ModName: unknown
    ModVer: 0.0.0.0 Offset: 01571040 here is the hijack this tx file:Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:00:32 PM, on 4/5/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    C:\Program Files\IOGear\ION\IoctlSvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\My Downloads\ProcessMonitor\Procmon.exe
    C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Philip Baldwin.PHILIP-JJJDUI15\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://norcalmls.rapmls.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
    O3 - Toolbar: ReGet Bar - {17939A30-18E2-471E-9D3A-56DD725F1215} - C:\Program Files\ReGet Software\ReGet Deluxe\IEBar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-854245398-1614895754-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Download A&ll by ReGet Deluxe - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: FreshDownload - {4F37598F-7C69-4420-896B-E54BBC7F8BA6} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: English<->Chinese Simplified - {CF29052B-32C2-BD48-9B95-01CA08248A47} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Chinese Simplified) for Windows\Plugins\IE.htm
    O9 - Extra 'Tools' menuitem: English<->Chinese Simplified - {CF29052B-32C2-BD48-9B95-01CA08248A47} - C:\Program Files\LingvoSoft\LingvoSoft Talking Dictionary 2007 (English-Chinese Simplified) for Windows\Plugins\IE.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [TBH] SOSO AddressBar Search
    O15 - Trusted Zone: http://www.nvidia.com
    O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game-web.qq.com/client/QQGame2.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129991016546
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1A4C1E58-A563-4C53-9573-A32865C41445}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    O23 - Service: Google Update Service (gupdate1c9eee0d16192cc) (gupdate1c9eee0d16192cc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\SymcPCCULaunchSvc.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
    O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files\Norton PC Checkup\Engine\2.0.2.547\ccSvcHst.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\IOGear\ION\IoctlSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

    --
    End of file - 10711 bytes
    here is Procmon file 59:31.6 Explorer.EXE 1504 QueryOpen D:\BookOnCD.exe FAST IO DISALLOWED







    59:31.6 Explorer.EXE 1504 CreateFile D:\BookOnCD.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened 59:31.6 Explorer.EXE 1504 QueryBasicInformationFile D:\BookOnCD.exe SUCCESS CreationTime: 11/17/2008 3:08:16 PM, LastAccessTime: 0, LastWriteTime: 11/17/2008 3:08:16 PM, ChangeTime: 11/17/2008 3:08:16 PM, FileAttributes: R 59:31.6 Explorer.EXE 1504 CloseFile D:\BookOnCD.exe SUCCESS









    59:31.7 Explorer.EXE 1504 QueryOpen D:\BookOnCD.exe FAST IO DISALLOWED







    59:31.7 Explorer.EXE 1504 CreateFile D:\BookOnCD.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened 59:31.7 Explorer.EXE 1504 QueryBasicInformationFile D:\BookOnCD.exe SUCCESS CreationTime: 11/17/2008 3:08:16 PM, LastAccessTime: 0, LastWriteTime: 11/17/2008 3:08:16 PM, ChangeTime: 11/17/2008 3:08:16 PM, FileAttributes: R 59:31.7 Explorer.EXE 1504 CloseFile D:\BookOnCD.exe SUCCESS









    59:31.7 Explorer.EXE 1504 CreateFile D:\BookOnCD.exe ACCESS DENIED Desired Access: Generic Read, Write Attributes, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a 59:31.7 Explorer.EXE 1504 CreateFile D:\BookOnCD.exe SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened 59:31.7 Explorer.EXE 1504 ReadFile D:\BookOnCD.exe SUCCESS Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O

    59:35.9 Explorer.EXE 1504 ReadFile D:\BookOnCD.exe SUCCESS Offset: 8,224,768, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
    59:39.0 Explorer.EXE 1504 ReadFile D:\BookOnCD.exe SUCCESS Offset: 8,212,480, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
    59:39.1 Explorer.EXE 1504 ReadFile D:\BookOnCD.exe SUCCESS Offset: 8,220,672, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
    59:39.1 Explorer.EXE 1504 ReadFile D:\BookOnCD.exe SUCCESS Offset: 8,228,864, Length: 661, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
    59:39.1 Explorer.EXE 1504 ReadFile D:\BookOnCD.exe SUCCESS Offset: 8,200,192, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O
    Thank you for any help on this it has me going insane.
    PhilipBA
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/915044