
My volume slider under windows XP keeps going down automatically.

Discussion in 'Windows XP' started by stillbreathing, Mar 14, 2012.

Thread Status:
Not open for further replies.
  1. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    ComboFix 12-03-31.02 - Grant Anderson 31/03/2012 18:41:51.5.4 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1336 [GMT 1:00]
    Running from: c:\documents and settings\Grant Anderson\Desktop\puppy.exe
    AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-31 17:41 . 2012-03-31 17:41 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8943CC6F-21C7-451C-826D-BBA649011712}\MpKsl2b11b14c.sys
    2012-03-31 17:39 . 2012-03-31 17:39 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8943CC6F-21C7-451C-826D-BBA649011712}\MpKsl33f3e0e6.sys
    2012-03-31 10:42 . 2012-03-31 10:42 -------- d-----w- C:\_OTS
    2012-03-31 10:17 . 2012-03-31 10:17 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8943CC6F-21C7-451C-826D-BBA649011712}\offreg.dll
    2012-03-31 10:17 . 2012-03-31 10:17 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8943CC6F-21C7-451C-826D-BBA649011712}\MpKslba12227c.sys
    2012-03-31 10:16 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8943CC6F-21C7-451C-826D-BBA649011712}\mpengine.dll
    2012-03-22 18:44 . 2012-03-22 18:44 -------- d-----w- C:\puppy
    2012-03-21 02:42 . 2012-03-21 02:42 -------- d-----w- c:\program files\Common Files\Java
    2012-03-21 02:37 . 2012-03-21 02:37 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2012-03-17 22:57 . 2012-03-17 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-21 02:41 . 2010-04-18 06:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-03-21 02:41 . 2010-04-18 06:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-03-21 02:27 . 2011-02-15 13:40 42672 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2012-03-14 02:15 . 2012-02-24 08:00 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-02-24 07:50 . 2011-06-27 06:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-03 09:22 . 2004-08-04 10:00 1860096 ----a-w- c:\windows\system32\win32k.sys
    2012-01-31 12:44 . 2009-10-12 13:47 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-11 19:06 . 2012-02-15 11:04 3072 ------w- c:\windows\system32\iacenc.dll
    2012-01-09 16:20 . 2008-09-12 10:37 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-01-08 12:53 . 2012-01-08 12:53 388096 ----a-r- c:\documents and settings\Grant Anderson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 385024]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SQLAgent$SONY_MEDIAMGR"=3 (0x3)
    "seclogon"=2 (0x2)
    "SandraAgentSrv"=3 (0x3)
    "RDSessMgr"=3 (0x3)
    "RasMan"=3 (0x3)
    "G Data Tuner Service"=3 (0x3)
    "RasAuto"=3 (0x3)
    "ATI Smart"=2 (0x2)
    "Ati HotKey Poller"=2 (0x2)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12825:TCP"= 12825:TCP:*:Disabled:utorrent
    "6346:TCP"= 6346:TCP:*:Disabled:shareaza
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [15/02/2011 14:40 42672]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/10/2011 00:35 28552]
    R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [16/04/2009 16:41 11264]
    R1 MpKsl2b11b14c;MpKsl2b11b14c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8943CC6F-21C7-451C-826D-BBA649011712}\MpKsl2b11b14c.sys [31/03/2012 18:41 29904]
    R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [17/03/2009 15:02 33792]
    R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 20:39 99416]
    R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 20:39 555096]
    R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 20:39 566360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 10:53 136176]
    S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [18/03/2010 20:39 99416]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [08/09/2011 23:26 79360]
    S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [18/03/2010 20:39 555096]
    S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 20:39 100952]
    S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [18/03/2010 20:39 100952]
    S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [18/03/2010 20:39 566360]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
    S3 esihdrv;esihdrv;\??\c:\docume~1\GRANTA~1\LOCALS~1\Temp\esihdrv.sys --> c:\docume~1\GRANTA~1\LOCALS~1\Temp\esihdrv.sys [?]
    S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);c:\windows\system32\drivers\GPWADrv.sys [13/03/2011 20:26 579456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/11/2010 10:53 136176]
    S3 L6PODX3;L6 POD X3 Service;c:\windows\system32\drivers\L6PODX3.sys [12/03/2011 01:56 571008]
    S3 MEMSWEEP2;MEMSWEEP2; [x]
    S3 RDID1067;Roland VG-99;c:\windows\system32\drivers\Rdwm1067.sys [17/05/2009 14:05 171969]
    S3 RRMONX;RRMONX; [x]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [04/08/2004 11:00 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL2B11B14C
    *NewlyCreated* - MPKSL33F3E0E6
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 09:53]
    .
    2012-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-29 09:53]
    .
    2012-03-31 c:\windows\Tasks\User_Feed_Synchronization-{DB57EF23-0AB2-4666-9CA4-627534C449F0}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.rhymezone.com/r/rhyme.cgi?Word=claimed&org1=syl&org2=l&typeofrhyme=perfect
    Trusted Zone: line6.net
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-03-31 18:46
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-583907252-796845957-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2156)
    c:\windows\system32\WININET.dll
    c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2012-03-31 18:48:16
    ComboFix-quarantined-files.txt 2012-03-31 17:48
    ComboFix2.txt 2012-03-18 22:08
    .
    Pre-Run: 134,255,513,600 bytes free
    Post-Run: 134,224,936,960 bytes free
    .
    - - End Of File - - A380FA4735734CA2964064BE3F9494BA

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:13:13, on 31/03/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rhymezone.com/r/rhyme.cgi?Word=claimed&org1=syl&org2=l&typeofrhyme=perfect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - Trusted Zone: *.line6.net
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230594984578
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/3,0,0,6052/mcfscan.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 6502 bytes
    HijackThis seemed very quick this time.
     
  2. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    It still said that AVG was active but it should be gone.
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    • Go to Start - Run and type wbemtest then click OK.
    • Click on the Connect button on the upper right side (above Exit).
    • Change root\default to root\SecurityCenter and click on Connect again.
    • Under IWbemServices click on Query…
    • Type in SELECT * FROM AntiVirusProduct and then click on Apply.

    There should be an entry for each of the following:

    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    {8decf618-9569-4340-b34a-d78d28969b66}

    Double-click on each of the bold ones and scroll down the results window until you see Company name/Display name for AVG. The first one should be for AVG Internet Security 2012 and the last one for AVG Firewall. Delete those two entries, leaving only the other two that are for MSE.
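
The wbemtest steps above, as an added PowerShell example that is not part of the original thread: it lists the Security Center registrations and deletes only the ones whose GUID is named. It assumes PowerShell 2.0 is installed on the XP machine, that the classes expose `displayName`, `companyName` and `instanceGuid`, and that firewall registrations (the `FW:` line in the log) live in the `FirewallProduct` class of the same namespace.

```powershell
# Added example (not from the thread). Assumes Windows XP SP2/SP3 with
# PowerShell 2.0 installed and an administrator session.
# Property names (displayName, companyName, instanceGuid) are assumed to be
# the ones the XP-era root\SecurityCenter classes expose.

# GUIDs the thread asks to delete, copied from the ComboFix AV:/FW: lines.
$StaleGuids = @(
    '{17DDD097-36FF-435F-9E1B-52D74245D6BF}',   # AV: AVG Internet Security 2012
    '{8decf618-9569-4340-b34a-d78d28969b66}'    # FW: AVG Firewall
)

function Get-SecurityCenterProduct {
    # Return one object per registration found in either product class.
    foreach ($class in 'AntiVirusProduct', 'FirewallProduct') {
        # @() keeps an empty result from being iterated once as $null on PS 2.0.
        $instances = @(Get-WmiObject -Namespace 'root\SecurityCenter' `
                                     -Class $class -ErrorAction SilentlyContinue)
        foreach ($i in $instances) {
            New-Object PSObject -Property @{
                Class        = $class
                DisplayName  = $i.displayName
                CompanyName  = $i.companyName
                InstanceGuid = $i.instanceGuid
                Instance     = $i          # kept so the entry can be deleted later
            }
        }
    }
}

function Remove-StaleSecurityCenterEntry {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$InstanceGuid
    )
    foreach ($p in @(Get-SecurityCenterProduct)) {
        # -contains compares strings case-insensitively, so GUID case does not matter.
        if ($InstanceGuid -contains $p.InstanceGuid) {
            $label = '{0} "{1}" {2}' -f $p.Class, $p.DisplayName, $p.InstanceGuid
            if ($PSCmdlet.ShouldProcess($label, 'Delete Security Center registration')) {
                $p.Instance.Delete()
            }
        }
    }
}

# 1. Review what is registered; entries named in $StaleGuids show Match = True.
Get-SecurityCenterProduct |
    Select-Object Class, DisplayName, CompanyName, InstanceGuid,
        @{ Name = 'Match'; Expression = { $StaleGuids -contains $_.InstanceGuid } } |
    Format-Table -AutoSize

# 2. Dry run: reports what would be deleted and changes nothing.
Remove-StaleSecurityCenterEntry -InstanceGuid $StaleGuids -WhatIf
```

Run the last line without `-WhatIf` only after the table confirms that the matched entries show AVG as their company or display name.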
     
  4. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    The second bold entry was not present but I did the delete on the first bold entry. I guess AVG doesn't like to be uninstalled?!
     
  5. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    How many entries were there? Did you check the others to see if any were related to AVG?
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    How are things with the system now?
     
  7. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    The volume is behaving itself now, thank you. Occasionally something bugs with the horrendous amount of junk and viruses out there. I thank you very much Cookie Gal, you have done more than enough. Give Brandy a little scritch from me?! :)
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    I will and give Poppy one too (whatever a scritch is :D )

    Here are some final instructions for you.

    Follow these steps to uninstall Combofix and all of its files and components.
    • Click START then RUN
    • Now type ComboFix /uninstall in the runbox and click OK. Note the space between the X and the /uninstall, it needs to be there (the screenshot is just for illustration purposes but the actual command uses the entire word "uninstall" and not just the "u" as shown in the picture).


    Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

    To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To create a new restore point, click on Start – All Programs – Accessories – System Tools and then select System Restore.

    In the System Restore wizard, select Create a restore point and click the Next button.

    Type a name for your new restore point then click on Create.
     
  9. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    Hehe, on our bull terrier page on fb we say that a scritch is a gentle scratch to that little sweet spot on the lil doggie's neck that makes them arch their neck and contort their mouth into what looks like a smile, they love this hehe! Yes, bullie owners are kind of dog nuts haha :D. So we are all done then Cookie Gal? Thank you again for your help, it is really appreciated. <3
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    You're welcome. :)
     
  11. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    Hi CookieGal, sorry about this. Annoyingly the same problem has resurfaced. Disabled the network connections and watched for a while and it still happens. I do hope you are having a good weekend there. It's good dog walking weather here :)
     
  12. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    It stops when I unplug the keyboard, could it be the keyboard?
     
  13. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    It's possible. Can you try another keyboard? If you don't have another one maybe you can borrow from someone? Even if you buy one they're not expensive and it's always good to have a back-up. I have six or seven keyboards because I have yet to find one I like. :D
     
  14. stillbreathing

    stillbreathing Thread Starter

    Joined:
    Oct 1, 2009
    Messages:
    67
    Yes, I will have to trek to the computer shop. I will give that a go and see if it stops, thanks. :)
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    101,645
    Sounds good. :)
     

Short URL to this thread: https://techguy.org/1045136