
Solved: after start up error message

Discussion in 'Virus & Other Malware Removal' started by kanachoe, Oct 12, 2008.

Thread Status:
Not open for further replies.
  1. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    after start up error message
    After I start XP up it goes to the message "userinit.exe - Application Error: The application failed to initialize properly (0xc0000005)". When I click it, none of the Windows icons come up. The only way I can get things working is to go to Task Manager and run explorer.exe. Does anyone know how to get rid of this error permanently?

    This message is occurring when I open Internet Explorer and all other applications.

    Now it's saying "rundll32.exe - Bad Image" when it starts up and I can't open Internet Explorer.

    Thanks guys.
     
  2. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:12:28 PM, on 11/10/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Samsung\EmoDio\SMSTray.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Opera\opera.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 66.98.148.65 auto.search.msn.com
    O1 - Hosts: 66.98.148.65 auto.search.msn.es
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {26BBC9E7-6D91-4906-8C0E-1A0F57504765} - C:\WINDOWS\system32\ljJBuTnl.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {6ED58621-F7B2-49CB-8CC9-44F60EA60408} - C:\WINDOWS\system32\awtRLBSl.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: innbanner browser enhancer - {b737faa8-1046-f371-411e-3eea709875cc} - C:\WINDOWS\system32\hkqttsvemn.dll
    O2 - BHO: (no name) - {C1FEC19E-F893-4b56-9CC7-CFF71BB34693} - C:\WINDOWS\system32\rarulfjs.dll
    O2 - BHO: BrowserHelperEFO Class - {C514A4E5-E889-4CA8-BE28-CAC7E19F25FE} - C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O2 - BHO: {a0153a66-18f9-e3aa-0f94-5907c35017bd} - {db71053c-7095-49f0-aa3e-9f8166a3510a} - C:\WINDOWS\system32\dygxbo.dll
    O2 - BHO: (no name) - {E2BEA67D-2FB5-4E5F-9FA1-98370264D18F} - C:\WINDOWS\system32\cbXOHYrP.dll (file missing)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
    O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [vteykhfxcffsm] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\hkqttsvemn.dll" EntryPoint
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = LimeWire\LimeWire.exe
    O4 - Global Startup: STK018 PNP Monitor.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZRman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
    O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by WebHancer
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1195688322406
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B7EBAEF-6B19-4424-805B-46FC78632DAF}: Domain = nsw.bigpond.net.au
    O20 - AppInit_DLLs: C:\WINDOWS\system32\__c007E179.dat
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXI\command.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 11792 bytes
     
  3. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HijackThis and click on "Config" and then on the "Misc Tools" button.
    If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section".
    Click on the "Open Uninstall Manager" button.
    Click the "Save List" button.
    Copy and paste that list here.
     
  4. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    Sorry about that, my tower is making noises like it's going to blow up.


    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acrobat.com
    Acrobat.com
    Acronis*Disk Director Suite
    Adobe AIR
    Adobe AIR
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Reader 9
    Adobe Shockwave Player
    Alien Zone 5 v.18.270608
    ArcSoft PhotoImpression 6
    ASUSUpdate
    Azada : Ancient Magic
    Barnyard Bucks v6.06
    Big Fish Games Client
    BigPond Broadband ADSL FAQ
    Brother MFL-Pro Suite
    Bunny Bucks 5 v.18.270608
    Command
    Copernic Agent Basic
    DVD Suite
    EmoDio
    EmoDio
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    HouseCall 6.6
    Intel(R) Graphics Media Accelerator Driver
    Java(TM) 6 Update 7
    Lame ACM MP3 Codec
    LimeWire 4.18.8
    LoadIt
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (3.0)
    MSXML 4.0 SP2 (KB936181)
    My Web Search (Popular Screensavers)
    Nero 7 Essentials
    Network Monitor
    Norton PC Checkup
    OpenOffice.org Installer 1.0
    Opera 9.51
    PC Wizard 2008.1.85.2
    PowerDVD
    PowerProducer
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RON Tool Innbanner
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Samsung PC Studio 3 USB Driver Installer
    Security Update for 2007 Microsoft Office System (KB951596)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for Microsoft Office Excel 2007 (KB951546)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB951808)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office Word 2007 (KB950113)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Slot_Music 4.5
    Slots_Heartbeat 3.0
    STK018_V2.01
    Ulead Photo Express 4.0 SE
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb956080)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    webHancer Customer Companion
    Windows Defender
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Witchy Wins v6.02
    XviD MPEG-4 Video Codec
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo!7 Toolbar
     
  5. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    My computer is making such a racket from the tower. My System Idle Process is going 99 CPU and 28K mem usage at the moment.
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Please visit this webpage for instructions for downloading and running ComboFix.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
     
  7. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    ComboFix 08-10-14.07 - Administrator 2008-10-15 9:10:24.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT 10:00]
    Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\Documents and Settings\LocalService\Application Data\NetMon
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\042CA9B2.swf
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\04316A7E
    C:\Program Files\FunWebProducts\ScreenSaver\Cache\files.ini
    C:\Program Files\FunWebProducts\ScreenSaver\Images\042987C1.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\042CA8D7.urr
    C:\Program Files\FunWebProducts\ScreenSaver\Images\042CF041.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\042E63F5.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\04308723.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\0431B5A1.dat
    C:\Program Files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
    C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
    C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
    C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV
    C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
    C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
    C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
    C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
    C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
    C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE
    C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Cache\00DC2A4E.bin
    C:\Program Files\MyWebSearch\bar\Cache\00DC2C9F.bin
    C:\Program Files\MyWebSearch\bar\Cache\00DC2ED2.bin
    C:\Program Files\MyWebSearch\bar\Cache\00DC30E5.bin
    C:\Program Files\MyWebSearch\bar\Cache\00DC3346.bin
    C:\Program Files\MyWebSearch\bar\Cache\00DC355A
    C:\Program Files\MyWebSearch\bar\Cache\0428CC9F.w
    C:\Program Files\MyWebSearch\bar\Cache\0428D411
    C:\Program Files\MyWebSearch\bar\Cache\0428D72E.bin
    C:\Program Files\MyWebSearch\bar\Cache\0428DDC6.bin
    C:\Program Files\MyWebSearch\bar\Cache\0428E2C7.bin
    C:\Program Files\MyWebSearch\bar\Cache\0428E557.bin
    C:\Program Files\MyWebSearch\bar\Cache\files.ini
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    C:\Program Files\MyWebSearch\bar\History\search3
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
    C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\network monitor
    C:\Program Files\network monitor\netmon.exe
    C:\Program Files\webhancer
    C:\Program Files\webhancer\Programs\sporder.dll
    C:\Program Files\webhancer\Programs\webhdll.dll
    C:\Program Files\webhancer\Programs\whagent.exe
    C:\Program Files\webhancer\Programs\whagent.ini
    C:\Program Files\webhancer\Programs\whiehlpr.dll
    C:\Program Files\webhancer\Programs\whinstaller.exe
    C:\RECYCLER\ADAPT_Installer.exe
    C:\Temp\1cb
    C:\Temp\1cb\syscheck.log
    C:\WINDOWS\BM1fe4ae61.txt
    C:\WINDOWS\BM1fe4ae61.xml
    C:\WINDOWS\Fonts\'
    C:\WINDOWS\Fonts\a.zip
    C:\WINDOWS\Fonts\Setup.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\atmtd.dll
    C:\WINDOWS\system32\awtqnkhe.dll
    C:\WINDOWS\system32\awtsPFXp.dll
    C:\WINDOWS\system32\BcfMVvut.ini
    C:\WINDOWS\system32\BcfMVvut.ini2
    C:\WINDOWS\system32\bqhwotdc.ini
    C:\WINDOWS\system32\c1
    C:\WINDOWS\system32\c1\OLV23U32.exe
    C:\WINDOWS\system32\cbhdkkpy.ini
    C:\WINDOWS\system32\CJlnoUtv.ini
    C:\WINDOWS\system32\CJlnoUtv.ini2
    C:\WINDOWS\system32\dfepruus.ini
    C:\WINDOWS\system32\dygxbo.dll
    C:\WINDOWS\system32\fccaArpM.dll
    C:\WINDOWS\system32\hkqttsvemn.dll
    C:\WINDOWS\system32\hmnbndwa.ini
    C:\WINDOWS\system32\iifdbYRH.dll
    C:\WINDOWS\system32\JkRuvGgh.ini
    C:\WINDOWS\system32\JkRuvGgh.ini2
    C:\WINDOWS\system32\ljJBuTnl.dll
    C:\WINDOWS\system32\lnTuBJjl.ini
    C:\WINDOWS\system32\lSBLRtwa.ini
    C:\WINDOWS\system32\lSBLRtwa.ini2
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\mlJBUOEW.dll
    C:\WINDOWS\system32\MSINET.oca
    C:\WINDOWS\system32\mTsAGOYb.ini
    C:\WINDOWS\system32\mTsAGOYb.ini2
    C:\WINDOWS\system32\opnnKCRH.dll
    C:\WINDOWS\system32\pac.txt
    C:\WINDOWS\system32\pgnaotkw.dll
    C:\WINDOWS\system32\PrYHOXbc.ini
    C:\WINDOWS\system32\PrYHOXbc.ini2
    C:\WINDOWS\system32\x64
    C:\WINDOWS\system32\YaHjlnmp.ini
    C:\WINDOWS\system32\YaHjlnmp.ini2
    C:\WINDOWS\system32\yfjkxeps.ini
    C:\WINDOWS\T3duZXI\
    C:\WINDOWS\T3duZXI\\asappsrv.dll
    C:\WINDOWS\T3duZXI\\command.exe
    C:\WINDOWS\T3duZXI\\naxRtrK.vbs
    C:\WINDOWS\T3duZXI\command.exe
    C:\WINDOWS\uninstall_nmon.vbs

    ----- BITS: Possible infected sites -----

    hxxp://webstore.loadit.com.au
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CMDSERVICE
    -------\Legacy_MYWEBSEARCHSERVICE
    -------\Legacy_NETWORK_MONITOR
    -------\Service_cmdService
    -------\Service_MyWebSearchService
    -------\Service_Network Monitor


    ((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
    .

    2008-10-15 08:58 . 2006-10-05 23:09 155,648 -ra------ C:\WINDOWS\system32\igfxres.dll
    2008-10-15 08:52 . 2004-08-04 22:00 562,176 --a--c--- C:\WINDOWS\system32\dllcache\fxsst.dll
    2008-10-15 08:51 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll
    2008-10-15 08:50 . 2008-10-15 08:50 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
    2008-10-15 08:49 . 2008-10-15 08:49 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
    2008-10-15 08:49 . 2008-10-15 08:49 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
    2008-10-15 08:49 . 2008-10-15 08:49 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
    2008-10-15 08:49 . 2008-10-15 08:49 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
    2008-10-15 08:49 . 2008-10-15 08:49 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
    2008-10-15 08:39 . 2004-08-04 22:00 1,086,058 -ra------ C:\WINDOWS\SET56.tmp
    2008-10-15 08:39 . 2004-08-04 22:00 1,042,903 -ra------ C:\WINDOWS\SET53.tmp
    2008-10-15 08:02 . 2008-10-15 08:51 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
    2008-10-15 08:02 . 2008-10-15 08:51 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
    2008-10-15 08:01 . 2004-08-04 22:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
    2008-10-15 07:49 . 2004-08-04 22:00 1,086,058 -ra------ C:\WINDOWS\SET89.tmp
    2008-10-15 07:49 . 2004-08-04 22:00 1,042,903 -ra------ C:\WINDOWS\SET86.tmp
    2008-10-15 07:49 . 2004-08-04 22:00 13,753 -ra------ C:\WINDOWS\SET95.tmp
    2008-10-10 23:25 . 2008-10-10 23:25 88,064 --a------ C:\WINDOWS\system32\rarulfjs.dll
    2008-10-10 10:31 . 2007-12-24 16:37 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-10-10 10:29 . 2008-10-10 19:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HouseCall 6.6
    2008-10-10 09:48 . 2008-10-10 09:48 <DIR> d-------- C:\WINDOWS\Sun
    2008-10-10 09:44 . 2008-10-10 09:44 0 --a------ C:\WINDOWS\nsreg.dat
    2008-10-10 09:32 . 2008-10-10 09:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OSI
    2008-10-05 19:56 . 2008-10-06 12:52 <DIR> d-------- C:\Program Files\pictures
    2008-10-05 19:28 . 2008-10-05 19:37 14,298,221 --a------ C:\Dance Hip Hop Mix - Nelly, Ja Rule, Outkast, Shaggy, Destinys Child, Jlo, Jay-Z, Mystikal, Sysco, Dmx, Snoop Dogg.mp3
    2008-10-05 17:39 . 2008-10-06 14:37 <DIR> d-------- C:\Program Files\Windows Defender
    2008-10-05 17:28 . 2008-10-05 17:28 <DIR> d-------- C:\Documents and Settings\Administrator\PrivacIE
    2008-10-05 17:10 . 2008-10-06 12:52 <DIR> d----c--- C:\WINDOWS\ie8
    2008-10-02 21:23 . 2008-10-02 21:23 <DIR> d-------- C:\Program Files\Slots_Heartbeat
    2008-10-02 21:23 . 2008-10-02 21:23 <DIR> d-------- C:\Program Files\Slot_Music
    2008-10-02 21:22 . 2008-10-05 21:26 <DIR> d-------- C:\Program Files\Norton PC Checkup
    2008-10-02 12:31 . 2008-10-02 13:32 <DIR> d-------- C:\$AVG8.VAULT$
    2008-10-02 12:25 . 2008-10-02 21:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8(2)
    2008-10-02 09:08 . 2008-10-10 09:10 <DIR> d-------- C:\Documents and Settings\Administrator\.housecall6.6
    2008-10-02 00:07 . 2008-10-02 00:07 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
    2008-10-02 00:03 . 2008-10-06 12:51 <DIR> d-------- C:\WINDOWS\system32\rontz
    2008-10-02 00:03 . 2008-10-06 12:51 <DIR> d-------- C:\WINDOWS\system32\psc
    2008-10-02 00:03 . 2008-10-02 13:30 <DIR> d-------- C:\WINDOWS\system32\EV02
    2008-10-02 00:03 . 2008-10-02 00:03 <DIR> d-------- C:\Temp\xp34
    2008-10-02 00:03 . 2008-10-15 09:10 <DIR> d-------- C:\Temp
    2008-10-02 00:03 . 2008-10-02 00:03 71,824 --a------ C:\WINDOWS\system32\ppwxzhsbzkmu.exe
    2008-10-01 16:18 . 2008-10-01 16:18 <DIR> d-------- C:\ConvertTemp
    2008-09-26 21:00 . 2008-09-26 21:00 65 --a------ C:\WINDOWS\FISHUI.INI
    2008-09-26 17:39 . 2008-09-26 17:27 24,576 --a------ C:\WINDOWS\sms.db
    2008-09-26 16:41 . 2008-09-26 16:42 <DIR> d-------- C:\WINDOWS\system32\URTTemp
    2008-09-26 01:47 . 2008-09-26 18:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DataCast
    2008-09-25 22:31 . 2008-09-25 22:31 <DIR> d-------- C:\Program Files\XviD
    2008-09-25 22:31 . 2008-09-25 22:31 <DIR> d-------- C:\Program Files\Lame MP3 Codec
    2008-09-25 22:31 . 2002-12-03 22:13 1,048,576 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-09-25 22:31 . 2005-05-03 09:33 299,008 --a------ C:\WINDOWS\system32\LAME_MP3.dll
    2008-09-25 22:31 . 2008-09-25 22:31 65,024 --a------ C:\WINDOWS\IFinst26.exe
    2008-09-25 22:31 . 2004-12-10 21:29 401 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-09-25 22:30 . 2008-09-25 22:30 <DIR> d-------- C:\Program Files\MarkAny
    2008-09-25 16:04 . 2008-09-25 16:04 <DIR> dr------- C:\Documents and Settings\Administrator\Application Data\Brother
    2008-09-22 07:55 . 2008-09-22 07:55 <DIR> d-------- C:\Program Files\LoadIt
    2008-09-22 07:52 . 2004-08-04 22:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-09-21 21:13 . 2008-10-15 09:03 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-09-21 21:12 . 2008-09-21 21:12 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2008-09-20 15:19 . 2008-09-26 17:35 33 --a------ C:\WINDOWS\Multimedia manager.INI
    2008-09-19 08:28 . 2008-09-19 08:28 <DIR> d-------- C:\Documents and Settings\Administrator\System
    2008-09-19 08:28 . 2008-09-19 09:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SmartDraw
    2008-09-19 08:19 . 2008-09-19 08:28 <DIR> d-------- C:\Program Files\SmartDraw 2009
    2008-09-18 16:57 . 2008-09-18 16:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-09-18 16:57 . 2008-09-18 16:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    2008-09-18 09:55 . 2008-09-28 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
    2008-09-18 09:54 . 2008-09-18 09:55 <DIR> d-------- C:\Program Files\Yahoo!
    2008-09-17 09:21 . 2008-09-17 09:25 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
    2008-09-17 09:21 . 2008-09-17 09:21 <DIR> d-------- C:\WINDOWS\Logs
    2008-09-15 10:57 . 2008-09-15 10:57 <DIR> d-------- C:\Program Files\SonicWallES

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-10 14:19 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-10-09 23:01 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-09 22:37 --------- d-----w C:\Program Files\IncrediMail
    2008-10-02 03:20 --------- d-----w C:\Program Files\STK018_V2.01
    2008-09-27 04:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ahead
    2008-09-26 07:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-25 15:46 --------- d-----w C:\Program Files\Samsung
    2008-09-25 12:44 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
    2008-09-24 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-09-24 11:22 --------- d-----w C:\Program Files\Pokie Magic Games
    2008-09-24 11:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-21 11:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ArcSoft
    2008-09-08 13:42 5,632 ----a-w C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-09-08 12:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
    2008-09-08 12:39 --------- d-----w C:\Documents and Settings\Administrator\Application Data\CyberLink
    2008-09-02 17:03 --------- d-----w C:\Program Files\Microsoft Works
    2008-09-02 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-08-31 14:25 --------- d-----w C:\Program Files\Eagleslots Games
    2008-08-30 00:36 --------- d-----w C:\Program Files\NOS
    2008-08-30 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
    2008-08-28 12:42 --------- d-----w C:\Program Files\Sun
    2008-08-28 12:42 --------- d-----w C:\Program Files\Java
    2008-08-28 12:40 --------- d-----w C:\Program Files\Common Files\Java
    2008-08-22 01:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
    2008-08-22 01:11 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ulead Systems
    2008-08-22 00:57 --------- d-----w C:\Program Files\Ulead Systems
    2008-08-22 00:51 --------- d-----w C:\Program Files\Common Files\ArcSoft
    2008-08-22 00:51 --------- d-----w C:\Program Files\ArcSoft
    2008-08-21 15:43 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Amaranth Games
    2008-08-21 15:39 0 ----a-w C:\Program Files\temp01
    2008-08-20 04:52 --------- d-----w C:\Program Files\FriendsReunited Games
    2008-08-17 04:00 --------- d-----w C:\Program Files\PC Wizard 2008
    2008-08-14 14:19 --------- d-----w C:\Program Files\Trend Micro
    2008-07-31 00:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
    2008-07-31 00:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
    2008-07-31 00:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
    2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 12:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
    2008-07-18 12:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
    2008-07-16 04:17 1,082,880 ----a-w C:\WINDOWS\system32\AutoPartNt.exe
    2008-06-20 06:04 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008062020080621\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1FEC19E-F893-4b56-9CC7-CFF71BB34693}]
    2008-10-10 23:25 88064 --a------ C:\WINDOWS\system32\rarulfjs.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C514A4E5-E889-4CA8-BE28-CAC7E19F25FE}]
    2008-10-10 09:44 274432 --a------ C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{AB26BF6C-BB04-4F00-8F98-BDE786CDE97D}"= "C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll" [2008-10-10 274432]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-09-24 243072]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
    "Messenger (Yahoo!)"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
    "LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
    "OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2006-04-12 1261475]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "SMSTray"="C:\Program Files\Samsung\EmoDio\SMSTray.exe" [2008-06-23 479232]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-05 98304]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-05 114688]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-05 94208]
    "SkyTel"="SkyTel.EXE" [2007-04-04 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - D:\Program Files\LimeWire\LimeWire.exe [2008-01-11 147456]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "D:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
    "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "D:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\WINDOWS\\system32\\muzapp.exe"=
    "C:\\Documents and Settings\\Administrator\\My Documents\\LimeWire\\LimeWire.exe"=

    S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-06-21 29696]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84937b6a-988b-11dc-95d2-001b11ba634a}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2008-10-14 C:\WINDOWS\Tasks\MP Scheduled Scan.job
    - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

    2008-10-14 C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
    - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 07:29]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{26BBC9E7-6D91-4906-8C0E-1A0F57504765} - C:\WINDOWS\system32\ljJBuTnl.dll
    BHO-{6ED58621-F7B2-49CB-8CC9-44F60EA60408} - C:\WINDOWS\system32\awtRLBSl.dll
    BHO-{b737faa8-1046-f371-411e-3eea709875cc} - C:\WINDOWS\system32\hkqttsvemn.dll
    BHO-{E2BEA67D-2FB5-4E5F-9FA1-98370264D18F} - C:\WINDOWS\system32\cbXOHYrP.dll
    HKCU-Run-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
    HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL
    HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
    HKLM-Run-vteykhfxcffsm - C:\WINDOWS\system32\hkqttsvemn.dll


    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l11ea3wu.default\
    FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
    FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-10-15 09:16:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    .
    **************************************************************************
    .
    Completion time: 2008-10-15 9:22:10 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-10-14 23:22:06

    Pre-Run: 63,244,353,536 bytes free
    Post-Run: 64,149,434,368 bytes free

    386 --- E O F --- 2008-10-12 12:37:06
     
  8. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:26:29 AM, on 15/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Opera\opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchsave.com/index.php?sm=home
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {C1FEC19E-F893-4b56-9CC7-CFF71BB34693} - C:\WINDOWS\system32\rarulfjs.dll
    O2 - BHO: BrowserHelperEFO Class - {C514A4E5-E889-4CA8-BE28-CAC7E19F25FE} - C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Yahoo!7 Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: EFOToolbar - {AB26BF6C-BB04-4F00-8F98-BDE786CDE97D} - C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = LimeWire\LimeWire.exe
    O4 - Global Startup: STK018 PNP Monitor.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O8 - Extra context menu item: &3D Satellite Search - res://C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll/GoSatteliteSearch.dll.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: S&earchSave Web Search - res://C:\Documents and Settings\Administrator\Application Data\OSI\dlls\EFOToolbar.dll/GoWebSearch.dll.htm
    O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1195688322406
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B7EBAEF-6B19-4424-805B-46FC78632DAF}: Domain = nsw.bigpond.net.au
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 8485 bytes


    Is this right? Thank you for the help.
     
  9. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I would highly recommend UNINSTALLING Limewire.
     
  10. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    OK, I will do that now.
     
  11. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    OK, I got rid of it. What should I do now? Thanks, aca candy.
     
  12. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    (y) Cybertech will be back with you in the morning. She's offline right now.
     
  13. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    OK, thank you.
     
  14. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    (y) You're welcome. Have a pleasant evening.

    Oops, I see you're on the other side of the pond :eek: so, have a pleasant whatever the hour is there now :D
     
  15. kanachoe

    kanachoe Thread Starter

    Joined:
    Apr 20, 2007
    Messages:
    392
    Same to you. It's 2.06 pm here.
     
Short URL to this thread: https://techguy.org/758320
