Total Security killed My Sound

Post by lightguy531 on 20th September 2009, 9:47 pm

So the computer had Total Security, wouldn't let me run any programs. But I think I got rid of Total Security... BUT, now my sound doesn't work.

Attached is my HJT log, and any help would be greatly appreciated.

PS: Not even the headphone jack produces sound. And I've re-installed the driver.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:38 PM, on 9/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\SkyTel.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\VM303_STI.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis2\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe (User 'Default user')
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Save YouTube Video as MP3 - [You must be registered and logged in to see this link.] Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - [You must be registered and logged in to see this link.]
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - Unknown owner - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10806 bytes

Re: Total Security killed My Sound

Post by Dr Jay on 20th September 2009, 9:58 pm

Hi

I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

==

Please download ComboFix by sUBs
[You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Please save the file to your Desktop, but rename it first:




Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.

After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". [You must be registered and logged in to see this link.] if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console:




  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.


Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


Dr. Jay (DJ)


Re: Total Security killed My Sound

Post by lightguy531 on 20th September 2009, 11:35 pm

Deleted Viewpoint... Here's ComboFix Log:
ComboFix 09-09-18.02 - Elijah Elliott 09/20/2009 18:45.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.449 [GMT -4:00]
Running from: c:\documents and settings\Elijah Elliott\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Elijah Elliott\Cookies\oviryroqop.db
c:\windows\Alcmtr.exe

.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 18:28 . 2005-11-01 07:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-09-16 04:15 . 2009-09-16 04:15 -------- d-----w- c:\program files\iPod
2009-09-16 04:15 . 2009-09-16 04:16 -------- d-----w- c:\program files\iTunes
2009-09-16 04:15 . 2009-09-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 04:11 . 2009-09-16 04:12 -------- d-----w- c:\program files\QuickTime
2009-09-09 01:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 02:56 . 2009-09-08 02:57 -------- d-----w- C:\Combo-Fix
2009-09-08 01:43 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:43 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 01:19 . 2009-09-08 02:57 -------- d-----w- c:\program files\Trend Micro
2009-09-08 00:37 . 2009-09-08 00:37 19960 ----a-w- c:\windows\jucoletyf.com
2009-09-08 00:37 . 2009-09-08 00:37 19327 ----a-w- c:\windows\system32\aguhejy.dat
2009-09-06 21:58 . 2009-09-06 21:58 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-04 20:56 . 2009-09-04 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 20:56 . 2009-09-08 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 20:56 . 2009-09-04 20:56 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\SUPERAntiSpyware.com
2009-09-04 06:11 . 2009-09-04 06:11 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 22:43 . 2008-11-14 21:06 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\DNA
2009-09-20 22:39 . 2006-09-14 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-20 22:38 . 2006-07-19 18:28 -------- d-----w- c:\program files\Viewpoint
2009-09-20 18:33 . 2008-11-14 21:06 -------- d-----w- c:\program files\DNA
2009-09-20 18:27 . 2006-07-19 02:48 -------- d-----w- c:\program files\Realtek
2009-09-19 19:34 . 2006-10-25 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-16 04:18 . 2006-10-30 18:11 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\Apple Computer
2009-09-16 04:15 . 2007-08-29 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-09-09 07:11 . 2009-05-05 13:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 07:01 . 2009-08-11 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 02:59 . 2006-07-18 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 02:32 . 2009-09-08 02:32 248 ----a-w- c:\program files\fjloo.txt
2009-09-08 01:43 . 2008-12-08 21:52 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\Malwarebytes
2009-09-08 01:43 . 2008-12-08 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 21:58 . 2009-07-02 19:49 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-12 19:17 . 2006-07-18 19:56 83536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 20:10 . 2009-08-11 20:02 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 20:02 . 2009-08-02 01:43 -------- d-----w- c:\program files\MSBuild
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\program files\Microsoft.NET
2009-08-11 19:54 . 2009-08-11 19:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-11 12:37 . 2006-11-28 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-11 12:37 . 2006-07-19 01:53 -------- d-----w- c:\program files\Common Files\Network Associates
2009-08-11 12:37 . 2009-08-11 12:37 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-11 12:37 . 2009-08-11 12:35 -------- d-----w- c:\program files\McAfee
2009-08-10 12:43 . 2009-08-10 12:43 -------- d-----w- c:\program files\CCleaner
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 17:18 . 2009-08-02 17:18 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\toshiba
2009-08-02 17:18 . 2006-07-19 02:50 -------- d-----w- c:\program files\Toshiba
2009-08-02 16:51 . 2009-08-02 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-02 13:28 . 2009-08-02 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-02 12:24 . 2009-08-02 12:24 137 ----a-w- c:\documents and settings\Elijah Elliott\Local Settings\Application Data\fusioncache.dat
2009-08-02 12:04 . 2006-07-19 01:52 -------- d-----w- c:\program files\Network Associates
2009-08-02 12:04 . 2006-07-19 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-08-02 01:43 . 2009-08-02 01:43 -------- d-----w- c:\program files\Reference Assemblies
2009-07-26 13:37 . 2008-07-31 02:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-03-10 08:02 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-10-28 01:28 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2008-09-29 12:07 . 2009-08-11 12:37 22576 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
2008-01-27 23:21 . 2008-01-27 23:21 72 --sh--w- c:\windows\S7E514102.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-04-30 49152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-25 1448960]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-10 16207360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2009-1-9 1901280]

c:\documents and settings\Elijah Elliott\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-18 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\123Movies2PSP\\123Movies2PSP.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CNUpdater.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [7/18/2006 11:28 AM 6528]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [1/30/2009 6:14 PM 125304]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/11/2009 8:37 AM 67904]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 1:26 PM 35968]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/11/2009 8:37 AM 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: cinemanow.com
FF - ProfilePath - c:\documents and settings\Elijah Elliott\Application Data\Mozilla\Firefox\Profiles\bt79vkl9.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\components\scriptff.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-20 18:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2009-09-20 18:51
ComboFix-quarantined-files.txt 2009-09-20 22:51
ComboFix2.txt 2009-09-08 02:55

Pre-Run: 6,301,290,496 bytes free
Post-Run: 6,312,599,552 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
227 --- E O F --- 2009-09-09 07:05

Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 12:46 am

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\windows\jucoletyf.com
    c:\windows\system32\aguhejy.dat
    c:\program files\fjloo.txt

    Folder::
    c:\program files\Viewpoint
    c:\documents and settings\All Users\Application Data\Viewpoint

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14309
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 302960
Likes: 10


Re: Total Security killed My Sound

Post by lightguy531 on 21st September 2009, 1:02 am

Here you go Jay, thanks for your help:

ComboFix 09-09-18.02 - Elijah Elliott 09/20/2009 20:50.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.422 [GMT -4:00]
Running from: c:\documents and settings\Elijah Elliott\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Elijah Elliott\Desktop\CFscript.txt
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\program files\fjloo.txt"
"c:\windows\jucoletyf.com"
"c:\windows\system32\aguhejy.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Viewpoint
c:\program files\fjloo.txt
c:\program files\Viewpoint
c:\windows\jucoletyf.com
c:\windows\system32\aguhejy.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-21 to 2009-09-21 )))))))))))))))))))))))))))))))
.

2009-09-20 18:28 . 2005-11-01 07:17 135168 ----a-w- c:\windows\system32\RtlCPAPI.dll
2009-09-16 04:15 . 2009-09-16 04:15 -------- d-----w- c:\program files\iPod
2009-09-16 04:15 . 2009-09-16 04:16 -------- d-----w- c:\program files\iTunes
2009-09-16 04:15 . 2009-09-16 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 04:11 . 2009-09-16 04:12 -------- d-----w- c:\program files\QuickTime
2009-09-09 01:59 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 02:56 . 2009-09-08 02:57 -------- d-----w- C:\Combo-Fix
2009-09-08 01:43 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 01:43 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 01:19 . 2009-09-08 02:57 -------- d-----w- c:\program files\Trend Micro
2009-09-06 21:58 . 2009-09-06 21:58 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-04 20:56 . 2009-09-04 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 20:56 . 2009-09-08 02:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-04 20:56 . 2009-09-04 20:56 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\SUPERAntiSpyware.com
2009-09-04 06:11 . 2009-09-04 06:11 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-21 00:52 . 2008-11-14 21:06 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\DNA
2009-09-20 23:02 . 2008-11-14 21:06 -------- d-----w- c:\program files\DNA
2009-09-20 18:27 . 2006-07-19 02:48 -------- d-----w- c:\program files\Realtek
2009-09-19 19:34 . 2006-10-25 20:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-16 04:18 . 2006-10-30 18:11 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\Apple Computer
2009-09-16 04:15 . 2007-08-29 13:15 -------- d-----w- c:\program files\Common Files\Apple
2009-09-09 07:11 . 2009-05-05 13:54 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 07:01 . 2009-08-11 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 02:59 . 2006-07-18 15:25 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-08 01:43 . 2008-12-08 21:52 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\Malwarebytes
2009-09-08 01:43 . 2008-12-08 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-06 21:58 . 2009-07-02 19:49 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-08-12 19:17 . 2006-07-18 19:56 83536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-11 20:10 . 2009-08-11 20:02 -------- d-----w- c:\program files\Microsoft Works
2009-08-11 20:02 . 2009-08-02 01:43 -------- d-----w- c:\program files\MSBuild
2009-08-11 20:01 . 2009-08-11 20:01 -------- d-----w- c:\program files\Microsoft.NET
2009-08-11 19:54 . 2009-08-11 19:54 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-11 12:37 . 2006-11-28 02:28 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-11 12:37 . 2006-07-19 01:53 -------- d-----w- c:\program files\Common Files\Network Associates
2009-08-11 12:37 . 2009-08-11 12:37 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-11 12:37 . 2009-08-11 12:35 -------- d-----w- c:\program files\McAfee
2009-08-10 12:43 . 2009-08-10 12:43 -------- d-----w- c:\program files\CCleaner
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 17:18 . 2009-08-02 17:18 -------- d-----w- c:\documents and settings\Elijah Elliott\Application Data\toshiba
2009-08-02 17:18 . 2006-07-19 02:50 -------- d-----w- c:\program files\Toshiba
2009-08-02 16:51 . 2009-08-02 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-08-02 13:28 . 2009-08-02 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-02 12:24 . 2009-08-02 12:24 137 ----a-w- c:\documents and settings\Elijah Elliott\Local Settings\Application Data\fusioncache.dat
2009-08-02 12:04 . 2006-07-19 01:52 -------- d-----w- c:\program files\Network Associates
2009-08-02 12:04 . 2006-07-19 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-08-02 01:43 . 2009-08-02 01:43 -------- d-----w- c:\program files\Reference Assemblies
2009-07-26 13:37 . 2008-07-31 02:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2005-03-10 08:02 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-10-28 01:28 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2008-09-29 12:07 . 2009-08-11 12:37 22576 ----a-w- c:\program files\mozilla firefox\components\scriptff.dll
2008-01-27 23:21 . 2008-01-27 23:21 72 --sh--w- c:\windows\S7E514102.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="thpsrv" [X]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-01-16 136512]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-04-30 49152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-04-25 1448960]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2006-03-04 88204]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-10 16207360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2009-1-9 1901280]

c:\documents and settings\Elijah Elliott\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe [2007-12-7 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-7-18 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 21:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\123Movies2PSP\\123Movies2PSP.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CNUpdater.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [12/27/2004 11:31 PM 16384]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [7/18/2006 11:28 AM 6528]
R2 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [1/30/2009 6:14 PM 125304]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/5/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/5/2006 5:59 PM 33024]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/11/2009 8:37 AM 67904]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/5/2006 5:33 PM 3456]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [6/10/2005 1:26 PM 35968]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 8:07 AM 19456]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/11/2009 8:37 AM 64432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
Trusted Zone: cinemanow.com
FF - ProfilePath - c:\documents and settings\Elijah Elliott\Application Data\Mozilla\Firefox\Profiles\bt79vkl9.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9090
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\components\scriptff.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}\plugins\npCinemaNowPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-20 20:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(1024)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
.
Completion time: 2009-09-21 20:57
ComboFix-quarantined-files.txt 2009-09-21 00:57
ComboFix2.txt 2009-09-20 22:51
ComboFix3.txt 2009-09-08 02:55

Pre-Run: 6,327,009,280 bytes free
Post-Run: 6,282,735,616 bytes free

Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
231 --- E O F --- 2009-09-09 07:05


Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 1:21 am

Hi

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 21st September 2009, 2:43 am

Malwarebytes' Anti-Malware 1.41
Database version: 2834
Windows 5.1.2600 Service Pack 3

9/20/2009 10:34:53 PM
mbam-log-2009-09-20 (22-34-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170153
Time elapsed: 56 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\My Safe\Classified.exe (Worm.Daprosy) -> Delete on reboot.
D:\My Safe\fupipivo.dll (Fake.Malware) -> Delete on reboot.
D:\My Safe\Games.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\HiddenFolder.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\kentut.exe (Trojan.Agent) -> Delete on reboot.
D:\My Safe\mp3.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Documents.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\My Folder.com (Virus.Rungbu) -> Delete on reboot.
D:\My Safe\My Music\foronandand.exe (Trojan.Agent) -> Delete on reboot.
D:\My Safe\My Music\inout.exe (Trojan.Agent) -> Delete on reboot.
D:\My Safe\My Music\My Music.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Pictures\My Pictures.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Secret.fold (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\Photo.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\ppl.mdb (Fake.Malware) -> Delete on reboot.
D:\My Safe\PrisonBreak.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\rafbsvnx.dll (Fake.Malware) -> Delete on reboot.
D:\My Safe\Rated R Pictures.com (Virus.Rungbu) -> Delete on reboot.
D:\My Safe\regscan.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\Skofilde.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\Super Mario X.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\System\Explorer1.exe (Trojan.Logger) -> Delete on reboot.
D:\My Safe\Videos.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot.


Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 3:16 am

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do.


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 21st September 2009, 4:56 am

What exactly are the options we can go through if we want to clean it, and how would the computer not be 100% secure?

Just want a little more info, because I don't really want to reinstall the OS, as I got the computer through my school, and would need to go to them to reinstall the OS. And I have a lot of things I would have to reinstall and not wanna lose.


thanks.


Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 5:34 am

Hi

Delete this folder:
D:\My Safe
==
Download [You must be registered and logged in to see this link.] to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Post a log in your next reply.
==
Then, change all passwords and make them really secure. Please [You must be registered and logged in to see this link.] for a good tutorial on how to create a good password.
==

In your next reply, please post the Malwarebytes log.


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 21st September 2009, 1:14 pm

Cannot delete D:/ My Safe.. Says Access Denied


Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 5:57 pm

Hi

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, please attempt to delete the folder.

==
OR Take ownership of the folder, and then delete it.
See this tutorial: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 21st September 2009, 7:22 pm

Still saying "Access is Denied"


Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 8:16 pm

Hi

Please attempt to delete the contents of the entire folder.


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 21st September 2009, 11:35 pm

Folder was empty. Prompted me to create a new backup password in case the fingerprint reader failed.


Re: Total Security killed My Sound

Post by Dr Jay on 21st September 2009, 11:50 pm

Please continue with the rest of the steps:

Download [You must be registered and logged in to see this link.] to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Full Scan, and press Scan. Post a log in your next reply.
==
Then, change all passwords and make them really secure. Please [You must be registered and logged in to see this link.] for a good tutorial on how to create a good password.
==

In your next reply, please post the Malwarebytes log.


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 22nd September 2009, 1:20 am

So when I search in D:/My Safe, it says it's empty, but Malwarebytes says differently:

Malwarebytes' Anti-Malware 1.41
Database version: 2839
Windows 5.1.2600 Service Pack 3

9/21/2009 9:18:15 PM
mbam-log-2009-09-21 (21-18-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 170176
Time elapsed: 53 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\megauploadtoolbar (Backdoor.PcClient) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\MegauploadToolbar\uninstall.exe (Backdoor.PcClient) -> Quarantined and deleted successfully.
D:\My Safe\Classified.exe (Worm.Daprosy) -> Delete on reboot.
D:\My Safe\fupipivo.dll (Fake.Malware) -> Delete on reboot.
D:\My Safe\Games.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\HiddenFolder.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\kentut.exe (Trojan.Agent) -> Delete on reboot.
D:\My Safe\mp3.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Documents.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\My Folder.com (Virus.Rungbu) -> Delete on reboot.
D:\My Safe\My Music\foronandand.exe (Trojan.Agent) -> Delete on reboot.
D:\My Safe\My Music\inout.exe (Trojan.Agent) -> Delete on reboot.
D:\My Safe\My Music\My Music.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Music\My Music.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\My Music\New Song.lagu (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Music\Video.vidz (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Pictures\My Pictures.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Pictures\My Pictures.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Blue hills.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Sunset.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Water lilies.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\Sample Pictures\Winter.exe (Trojan.Xanib) -> Delete on reboot.
D:\My Safe\My Pictures\seram.pikz (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Secret.fold (Backdoor.Bot) -> Delete on reboot.
D:\My Safe\My Videos\My Video.url (Trojan.Zlob) -> Delete on reboot.
D:\My Safe\Photo.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\ppl.mdb (Fake.Malware) -> Delete on reboot.
D:\My Safe\PrisonBreak.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\rafbsvnx.dll (Fake.Malware) -> Delete on reboot.
D:\My Safe\Rated R Pictures.com (Virus.Rungbu) -> Delete on reboot.
D:\My Safe\regscan.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\Skofilde.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\Super Mario X.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\System\Explorer1.exe (Trojan.Logger) -> Delete on reboot.
D:\My Safe\Videos.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\work9\bhobj\bhobj.dll (Adware.WebDir) -> Delete on reboot.

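A log like the one in the post above can be triaged mechanically. The following is an added example, not part of the original thread: it parses Malwarebytes detection lines, lists the items still waiting for a reboot to be removed, and flags executables named to look like documents or folders. The extension sets and function names are assumptions chosen for illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Lines copied from the Malwarebytes log posted above.
SAMPLE_LOG = r"""
Files Infected:
C:\Program Files\MegauploadToolbar\uninstall.exe (Backdoor.PcClient) -> Quarantined and deleted successfully.
D:\My Safe\Games.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\My Music\My Music.exe (Worm.AutoRun) -> Delete on reboot.
D:\My Safe\Photo.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\PrisonBreak.Jpg.exe (Trojan.Downloader) -> Delete on reboot.
D:\My Safe\ppl.mdb (Fake.Malware) -> Delete on reboot.
"""

# "<path> (<detection>) -> <action>." is the line shape used in the log above.
ENTRY = re.compile(r"^(?P<path>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")
EXECUTABLE = {".exe", ".com", ".scr", ".pif"}            # assumed set
DECOY = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".pdf", ".txt", ".mp3", ".avi"}

def parse_detections(log_text):
    """Return (path, detection, action) for every detection line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["path"], m["name"], m["action"]))
    return entries

def pending_removal(entries):
    """Paths flagged but not yet removed; they stay on disk until the reboot."""
    return [p for p, _, action in entries if action.lower() == "delete on reboot"]

def masquerading(entries):
    """Executables with a decoy extension or the same name as their folder."""
    hits = []
    for path, _, _ in entries:
        p = PureWindowsPath(path)
        suffixes = [s.lower() for s in p.suffixes]
        if not suffixes or suffixes[-1] not in EXECUTABLE:
            continue
        double_ext = len(suffixes) >= 2 and suffixes[-2] in DECOY
        folder_clone = p.stem.lower() == p.parent.name.lower()
        if double_ext or folder_clone:
            hits.append(path)
    return hits

def by_family(entries):
    """Count detections per family name."""
    return Counter(name for _, name, _ in entries)
```

Re-running the scan after the reboot and checking that `pending_removal` comes back empty confirms the deletions actually happened.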

Re: Total Security killed My Sound

Post by Dr Jay on 22nd September 2009, 4:11 am

Hi

It appears that the directory is locked anyway, so nothing can get out of it. Otherwise, your computer is as clean as we could get it.

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 22nd September 2009, 4:21 am

Any way you can direct me to someone to fix my sound problem?


Re: Total Security killed My Sound

Post by Dr Jay on 22nd September 2009, 4:31 am

Hi

Please download [You must be registered and logged in to see this link.], by right-clicking on that link and selecting Save Target As, or Save Link As. Save it to the Desktop. Then, double-click on it, and confirm the prompt.

Then, reboot your computer. See if your sound is fixed. If not, I have a couple more solutions.


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 22nd September 2009, 4:00 pm

No go for that link .... What else do you have that we could try?


Re: Total Security killed My Sound

Post by Dr Jay on 23rd September 2009, 1:05 am

Hi

Please follow this article and do System File Checker: [You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 23rd September 2009, 1:24 am

I do not have my XP disc as the computer came through a program with my school, and I'm trying to avoid going to them with my computer because I won't get it back for 3 weeks.


Re: Total Security killed My Sound

Post by Dr Jay on 23rd September 2009, 3:02 am

Hi

1. Please click here: [You must be registered and logged in to see this link.] to start the sound troubleshooter. That link leads to Windows XP Help and Support Center. The link may not work in Firefox. Try it in Internet Explorer.
OR
Start Sound Troubleshooter manually by using the following steps:

  • Click Start, and then click Help and Support.
  • Under Pick a Help Topic, click Fixing a problem.
  • In the navigation pane on the left, click Games, sound, and video problems.
  • In the topic pane, on the right side, click Sound Troubleshooter.

2. Using the Sound Troubleshooter


  • Click the option that describes the problem that is occurring, and then click Next.
  • Repeat step 1 until your problem is resolved or until you have reached the end of the troubleshooting path.

    Note: You can click Back at any time to repeat the last step, or you can click Start Over to start the Sound Troubleshooter again.
Determine whether you can now hear sound. If you can hear sound, the issue is resolved. If you cannot, please go to step 3.

3. Update sound drivers
Out-of-date sound drivers may cause sound problems. Check whether an updated sound driver is available. You can use Microsoft Update to help you determine your current sound driver and if an update is available. Then contact the sound driver hardware or the computer manufacturer to request an updated sound driver.

To find out whether applicable driver updates are available, visit the following Microsoft Windows Update Web site: [You must be registered and logged in to see this link.]

Did this fix the problem?


(Source: [You must be registered and logged in to see this link.])


Dr. Jay (DJ)



Re: Total Security killed My Sound

Post by lightguy531 on 23rd September 2009, 7:05 pm

Fail. Lol. No updated drivers and Microsoft doesn't want to help.


Re: Total Security killed My Sound

Post by Dr Jay on 23rd September 2009, 7:42 pm

Hi

I would recommend having your sound card checked at a local computer repair shop. It seems that the software side is okay. That would be the next thing to check out.


Dr. Jay (DJ)

