HELP ME PLEASE!


Solved HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 4:48 pm

OK, this all started this morning. I turned on my PC and it gave me a message that I was missing "nvcpl.dll", so I went to ddl-files.com and got it, and put it where it needed to go, but then another message appeared about "svspool.exe" getting the runtime to close it in an unusual way, followed by another message about "nvcpl.dll". After everything I have tried, the only thing I can think of is a virus. I have run MBAM and got no results from that. Here is my HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:36 AM, on 26/01/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Zone\Acer Zone TV Enhance\TVEService.exe
C:\Windows\System32\eTCrtMng.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ryan\Desktop\Hijack(GP)This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 5.253.1.199 ryanserver.mine.nu
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [TVEService] "C:\Program Files\Acer Zone\Acer Zone TV Enhance\TVEService.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [eTCertManger] C:\Windows\system32\eTCrtMng.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [EVGAPrecision] "C:\Program Files\EVGA Precision\EVGAPrecisionWrapper.exe" /s
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media TV Service - CyberLink - C:\Program Files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eToken Notification Service (ETOKSRV) - Aladdin Knowledge Systems, Ltd. - C:\Windows\system32\eTSrv.exe
O23 - Service: Google Update Service (gupdate1c95c3e485e9326) (gupdate1c95c3e485e9326) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdcserv.exe
O23 - Service: lxdc_device - - C:\Windows\system32\lxdccoms.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Quick Macros (quickmacros2) - Unknown owner - C:\Program Files\Quick Macros 2\qmserv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe
O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVECapSvc.exe
O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVESched.exe

--
End of file - 13296 bytes

jimybob3
Intermediate

Posts: 54
Joined: 2009-01-03
OS: Vista
Points: 28986
Likes: 0


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 5:27 pm

Let's take a look around.


  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
    Link 3
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Click No for Optional Scan.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here. I don't need to see attach.txt.


@RealBelahzur - [Prework] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 5:35 pm

Had to split it into 2 parts, it was too long.

DDS (Ver_09-01-19.01) - NTFSx86
Run by ryan at 12:32:09.14 on 26/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.2.1033.18.2047.1005 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Quick Macros 2\qmserv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\taskeng.exe
C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer Zone\Acer Zone TV Server\Kernel\DMSTV\CLMSServer.exe
C:\Windows\system32\eTSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\lxdccoms.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\AC Web Ultimate Repack\Server\apache\bin\apache.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVECapSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer Zone\Acer Zone TV Enhance\Kernel\TV\TVESched.exe
C:\Windows\system32\UI0Detect.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer Zone\Acer Zone TV Enhance\TVEService.exe
C:\Windows\System32\eTCrtMng.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Users\ryan\Desktop\runescape.exe
C:\Windows\system32\UI0Detect.exe
C:\Users\ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J9WZ12M9\dds[1].com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.ca.acer.yahoo.com
mDefault_Page_URL = hxxp://en.ca.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.0.0.125\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No File
uRun: [????r]
uRun: [?????????] ??????????????e
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Acer Empowering Technology Monitor] c:\windows\system32\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [TVEService] "c:\program files\acer zone\acer zone tv enhance\TVEService.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [eTCertManger] c:\windows\system32\eTCrtMng.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [lxdcamon] "c:\program files\lexmark 1300 series\lxdcamon.exe"
mRun: []
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009\5.0\CPMonitor.exe"
mRun: [EVGAPrecision] "c:\program files\evga precision\EVGAPrecisionWrapper.exe" /s
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~3\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office12\GRA8E1~1.DLL


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 5:36 pm

================= FIREFOX ===================

FF - ProfilePath - c:\users\ryan\appdata\roaming\mozilla\firefox\profiles\x3syya8b.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.daemon-search.com/startpage
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google updater\2.4.1425.4532\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\ryan\program files\dna\plugins\npbtdna.dll

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1000000.07d\SymEFA.sys [2009-1-2 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1000000.07d\BHDrvx86.sys [2009-1-2 254512]
R1 c2scsi;c2scsi;c:\windows\system32\drivers\C2SCSI.SYS [2007-2-13 248696]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1000000.07d\ccHPx86.sys [2009-1-2 362544]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090115.001\IDSvix86.sys [2009-1-15 289840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-2 99376]
R3 kbdcap;kbdcap;c:\windows\system32\drivers\KbdCap.sys [2008-12-18 109440]
R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybx86.sys [2006-12-26 892800]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\nav\1000000.07d\symndisv.sys [2009-1-2 40496]
R4 Apache2.2;Apache2.2;c:\ac web ultimate repack\server\apache\bin\apache.exe [2008-9-29 17408]
R4 CyberLink Media TV Service;CyberLink Media TV Service;c:\program files\acer zone\acer zone tv server\kernel\dmstv\CLMSServer.exe [2008-7-16 262237]
R4 lxdc_device;lxdc_device;c:\windows\system32\lxdccoms.exe -service --> c:\windows\system32\lxdccoms.exe -service [?]
R4 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.0.0.125\ccSvcHst.exe [2009-1-2 115560]
R4 quickmacros2;Quick Macros;c:\program files\quick macros 2\qmserv.exe [2008-11-7 9728]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-25 809296]
R4 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Host.exe [2008-7-16 181544]
R4 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\acer zone\acer zone tv enhance\kernel\tv\TVECapSvc.exe [2008-7-16 286812]
R4 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\acer zone\acer zone tv enhance\kernel\tv\TVESched.exe [2008-7-16 110682]
S3 NPF;Netgroup Packet Filter;c:\windows\system32\drivers\npf.sys [2008-12-18 32512]
S3 qmphook;QM process triggers;c:\program files\quick macros 2\qmphook.sys [2008-11-7 4096]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2008-8-14 1124848]
S4 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-9-17 549159]
S4 gupdate1c95c3e485e9326;Google Update Service (gupdate1c95c3e485e9326);c:\program files\google\update\GoogleUpdate.exe [2008-12-12 119280]
S4 lxdcCATSCustConnectService;lxdcCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdcserv.exe [2007-5-25 99248]
S4 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S4 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S4 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]

=============== Created Last 30 ================

2009-01-26 11:20 5,608 a------- c:\windows\system32\PerfStringBackup.TMP
2009-01-26 11:16 -cd-h--- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-26 11:16 -cd-h--- c:\progra~2\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-01-26 10:49 97,800 a------- c:\windows\system32\infocardapi.dll
2009-01-26 10:49 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-01-26 10:49 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-01-26 10:49 622,080 a------- c:\windows\system32\icardagt.exe
2009-01-26 10:49 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-01-26 10:49 11,264 a------- c:\windows\system32\icardres.dll
2009-01-26 10:49 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-01-26 10:49 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-01-26 10:44 96,760 a------- c:\windows\system32\dfshim.dll
2009-01-26 10:44 282,112 a------- c:\windows\system32\mscoree.dll
2009-01-26 10:44 41,984 a------- c:\windows\system32\netfxperf.dll
2009-01-26 10:44 158,720 a------- c:\windows\system32\mscorier.dll
2009-01-26 10:43 83,968 a------- c:\windows\system32\mscories.dll
2009-01-26 10:39 --d-hr-- C:\AHCache
2009-01-26 10:06 1,404,928 a------- c:\windows\system32\nvcpl.dll
2009-01-26 10:05 --d----- c:\windows\system32\nvcpl
2009-01-26 09:57 45 a------- c:\windows\system32\initdebug.nfo
2009-01-26 09:26 --d----- c:\users\ryan\appdata\roaming\Uniblue
2009-01-26 09:26 --d----- c:\program files\Uniblue
2009-01-26 09:25 -cd-h--- c:\programdata\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-01-26 09:25 -cd-h--- c:\progra~2\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-01-25 22:02 --d----- c:\program files\CedarLogic
2009-01-25 19:29 --d----- c:\windows\system32\IntelBurnTest
2009-01-25 11:31 --d----- c:\users\ryan\appdata\roaming\J River
2009-01-21 20:06 --d----- c:\program files\EVGA Precision
2009-01-18 20:41 --d----- c:\programdata\media center programs
2009-01-18 20:41 --d----- c:\progra~2\media center programs
2009-01-17 13:36 --d----- c:\program files\QS
2009-01-17 11:00 --d----- c:\programdata\Brother
2009-01-17 11:00 --d----- c:\progra~2\Brother
2009-01-17 09:37 --d----- c:\programdata\Uninstall
2009-01-17 09:37 --d----- c:\progra~2\Uninstall
2009-01-17 09:22 --d----- c:\program files\Roxio Creator 2009
2009-01-17 09:21 --d----- c:\programdata\eSellerate
2009-01-17 09:21 --d----- c:\progra~2\eSellerate
2009-01-17 09:21 --d----- c:\programdata\SmartSound Software Inc
2009-01-17 09:21 --d----- c:\program files\SmartSound Software
2009-01-17 09:21 --d----- c:\progra~2\SmartSound Software Inc
2009-01-16 17:05 --d----- c:\users\ryan\appdata\roaming\Lexmark Productivity Studio
2009-01-16 17:00 --d----- c:\program files\Lx_cats
2009-01-16 16:55 --d----- c:\program files\Lexmark Toolbar
2009-01-16 16:54 --d----- c:\program files\Lexmark 1300 Series
2009-01-16 16:54 585,728 a------- c:\windows\system32\lxdclmpm.dll
2009-01-16 16:54 537,520 a------- c:\windows\system32\lxdccoms.exe
2009-01-16 16:53 --d----- C:\drivers
2009-01-16 16:30 --d----- c:\programdata\Hewlett-Packard
2009-01-16 16:23 117,760 a------- c:\windows\system32\hpzll4v2.dll
2009-01-16 16:18 --d----- c:\program files\HP_Vista_SF_Ph1
2009-01-16 15:45 38 a------- c:\windows\AviSplitter.INI
2009-01-16 07:14 23 a------- c:\windows\BlendSettings.ini
2009-01-16 06:15 --d----- c:\program files\Bethesda Softworks
2009-01-16 06:14 --d----- c:\users\ryan\appdata\roaming\DAEMON Tools Pro
2009-01-16 06:14 --d----- c:\programdata\DAEMON Tools Lite
2009-01-16 06:14 --d----- c:\progra~2\DAEMON Tools Lite
2009-01-16 06:13 --d----- c:\program files\DAEMON Tools Lite
2009-01-16 06:13 --d----- c:\users\ryan\appdata\roaming\DAEMON Tools Lite
2009-01-16 06:10 --d----- c:\program files\MagicISO
2009-01-08 18:22 32,592 a------- c:\windows\system32\msonpmon.dll
2009-01-08 18:01 --d----- c:\program files\Microsoft Visual Studio 8
2009-01-07 18:01 --d----- c:\program files\Object Media
2009-01-02 19:47 --d----- c:\users\ryan\appdata\roaming\Malwarebytes
2009-01-02 19:47 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-02 19:47 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-02 19:47 --d----- c:\programdata\Malwarebytes
2009-01-02 19:47 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-02 19:47 --d----- c:\progra~2\Malwarebytes
2009-01-02 17:30 --d--r-- c:\program files\Norton Support
2009-01-02 17:24 25,136 a----r-- c:\windows\system32\drivers\SymIMV.sys
2009-01-02 17:24 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-02 17:24 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-02 17:24 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 17:23 --d----- c:\windows\system32\drivers\NAV
2009-01-02 17:23 --d----- c:\program files\Norton AntiVirus
2009-01-02 17:03 --d----- c:\programdata\Norton
2009-01-02 17:03 --d----- c:\progra~2\Norton
2009-01-02 16:59 --d----- c:\programdata\NortonInstaller
2009-01-02 16:59 --d----- c:\program files\NortonInstaller
2009-01-02 16:59 --d----- c:\progra~2\NortonInstaller
2009-01-02 14:19 --d----- c:\users\ryan\appdata\roaming\BitDefender
2009-01-02 14:18 --d----- c:\programdata\BitDefender
2009-01-02 14:18 --d----- c:\program files\BitDefender
2009-01-02 14:18 --d----- c:\progra~2\BitDefender
2009-01-02 14:15 --d----- c:\program files\common files\BitDefender
2009-01-02 13:58 --d----- c:\programdata\Avira
2009-01-02 13:58 --d----- c:\program files\Avira
2009-01-02 13:58 --d----- c:\progra~2\Avira
2008-12-31 11:02 --d----- c:\programdata\Microsoft Help
2008-12-30 09:33 --d----- c:\users\ryan\appdata\roaming\Red Kawa

==================== Find3M ====================

2009-01-26 11:57 34 a------- c:\users\ryan\jagex_runescape_preferences.dat
2009-01-24 16:12 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-24 16:12 51,200 a------- c:\windows\inf\infpub.dat
2009-01-16 16:59 86,016 a------- c:\windows\inf\infstor.dat
2008-12-18 12:17 249,856 -------- c:\windows\Setup1.exe
2008-12-18 12:17 73,216 a------- c:\windows\ST6UNST.EXE
2008-12-18 12:09 109,440 a------- c:\windows\system32\drivers\KbdCap.sys
2008-12-12 16:28 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-08 19:51 7,168 a------- C:\Hack.dll
2008-12-07 16:01 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-11-12 14:54 6,017,024 a------- c:\windows\system32\nvd3dum.dll
2008-11-12 14:54 958,464 a------- c:\windows\system32\nvsvcr.dll
2008-11-12 14:54 637,472 a------- c:\windows\system32\nvsvc.dll
2008-11-12 14:54 602,112 a------- c:\windows\system32\nvapi.dll
2008-11-12 14:54 207,392 a------- c:\windows\system32\nvvsvc.exe
2008-09-25 14:54 87,608 a------- c:\users\ryan\appdata\roaming\inst.exe
2008-09-25 14:54 47,360 a------- c:\users\ryan\appdata\roaming\pcouffin.sys
2008-09-20 13:02 174 a--sh--- c:\program files\desktop.ini
2008-09-20 12:50 665,600 a------- c:\windows\inf\drvindex.dat
2008-09-17 08:16 549,159 a--shr-- c:\program files\Norton2009Reset.exe
2008-08-17 13:47 56 a---h--- c:\programdata\ezsidmv.dat
2008-08-17 13:47 56 a---h--- c:\progra~2\ezsidmv.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 12:32:54.17 ===============

jimybob3
Intermediate
Intermediate

Posts Posts : 54
Joined Joined : 2009-01-03
OS OS : vista
Points Points : 28986
# Likes # Likes : 0
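The file listing in the post above is what led to the helper's question about C:\Hack.dll. As an added example (not part of the original thread, and not the code of the tool that produced the log), this Python script parses lines in that listing's format and flags binaries for manual review. The three rules and the `incident_day` parameter are assumptions chosen for illustration; a flag is a reason to look at a file, not a verdict on it.

```python
import re
from datetime import date
from pathlib import PureWindowsPath

# Entries copied from the listing in the first post.
SAMPLE = r"""
2009-01-26 10:44 158,720 a------- c:\windows\system32\mscorier.dll
2009-01-26 10:39 --d-hr-- C:\AHCache
2009-01-26 10:06 1,404,928 a------- c:\windows\system32\nvcpl.dll
2009-01-16 16:54 585,728 a------- c:\windows\system32\lxdclmpm.dll
2008-12-08 19:51 7,168 a------- C:\Hack.dll
2008-09-25 14:54 87,608 a------- c:\users\ryan\appdata\roaming\inst.exe
"""

# date, time, optional size (absent for directories), 8 attribute flags, path
LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} "
    r"(?:(?P<size>[\d,]+) )?(?P<attrs>[acdhrs-]{8}) (?P<path>.+)$"
)
BINARY_EXT = {".exe", ".dll", ".sys"}


def parse(text):
    """Return one dict per listing line; lines in another format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            entries.append({
                "date": date.fromisoformat(m["date"]),
                "size": int(m["size"].replace(",", "")) if m["size"] else None,
                "is_dir": "d" in m["attrs"],
                "path": PureWindowsPath(m["path"]),
            })
    return entries


def triage(text, incident_day):
    """Return (path, reasons) pairs for binaries that deserve a closer look."""
    findings = []
    for e in parse(text):
        p = e["path"]
        if e["is_dir"] or p.suffix.lower() not in BINARY_EXT:
            continue
        parent = str(p.parent).lower()
        reasons = []
        # Assumed rule 1: programs rarely install binaries into a drive root.
        if p.parent == PureWindowsPath(p.anchor):
            reasons.append("binary in drive root")
        # Assumed rule 2: a binary loose in the roaming profile, outside any app folder.
        if parent.endswith("\\appdata\\roaming"):
            reasons.append("binary loose in roaming profile")
        # Assumed rule 3: system32 binary that appeared the day symptoms began.
        if parent.endswith("\\system32") and e["date"] == incident_day:
            reasons.append("system32 binary created on incident day")
        if reasons:
            findings.append((str(p), reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE, date(2009, 1, 26)):
        print(f"{path}: {', '.join(reasons)}")
```

A flagged file is best followed up by checking its digital signature and comparing its hash against the vendor's copy before anything is deleted.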


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 5:43 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O4 - HKCU\..\Run: [?????????] ??????????????e


  • Press "Fix Checked"
  • Close Hijack This.

Do you know what this file is?
C:\Hack.dll


@RealBelahzur - [Prework] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 5:50 pm

Going to take a guess and say something i don't want? it may be a chunk left from my counterstrike hacking days?


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 5:51 pm

O4 - HKCU\..\Run: [?????????] ??????????????e

done.


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 5:53 pm

was, O4 - HKCU\..\Run: [?????????] ??????????????e supposed to be deleted from the list? because when i scan again it is still there.


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 6:25 pm

i still continuously get a popup message saying that spoolsv.exe is trying to close in an unusual way and that the pc could not load NVCPL.dll


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 6:51 pm

Still looking for that svspool file. Do a computer search for it, see where it's located.

Delete this file.
C:\Hack.dll



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 7:00 pm

the exact error message is: "c:\windows\system32\spoolsv.exe has requested that the run time close in an unusual way."

that may be of some help as to the location ^ .^ sorry. UPDATE: it is there when i search for it, in its proper folder and all, maybe it needs the nvcpl.dll to run it? i downloaded nvcpl and put it where it needed to go but no change.


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 7:07 pm

should there be as many "svchost.exe" open as there are? there are currently 13 of them as well as rundll32, there are 8 of those open!


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 7:15 pm

would it be better if i just did a restore to b4 this morning?


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 7:19 pm

You could try that.
If not, we can try this.

Okay, let's try to re-install the runtime package.
Download VB6 from here:
http://www.microsoft.com/downloads/details.aspx?familyid=bf9a24f9-b5c5-48f4-8edd-cdf2d29a79d5&displaylang=en

Download and install it, it will do everything for you, so you don't have to.
Let me know if the error still remains after that.



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 7:52 pm

i re installed the runtime package, but no change, i also tried a restore but for some reason it will not let me, keeps saying an unspecified error occurred during the restore, i tried 3 different restore points. same messages keep coming up.


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 7:57 pm

Okay, try this.

Press Start > Run
Type in:
services.msc
Scroll down the list to "Print spooler"
Right click it > Stop
Now close the window and reboot.
Still get the same error message?



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 8:07 pm

same damned messages, the nvcpl.dll one and the spoolsv.exe one, idk what the hell is wrong with this thing!


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 8:34 pm

Moving this to software.
Let me see if I can find anything else.



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 8:47 pm

alrighty


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 8:52 pm

idk, but could there be something wrong with the nvcpl.dll thingy? it keeps giving me that message as well at start up, could that be the main cause of it? idk just saying.


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 8:56 pm

We may need to update your nvidia drivers.
See here:
http://www.nvidia.com/Download/index.aspx?lang=en-us

Choose the automatic update. (option 2)



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 9:19 pm

alright here's the deal: i did not get the nvcpl.dll message this time when i rebooted, but the damn spoolsv.exe shit is still there. i cannot think of anything else =s is there any way to just get rid of the damn spooler? i don't even have a printer lol.


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 9:26 pm

Well, we fixed one error, now let's see if we can find the cause of the other error.



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 9:31 pm

i had asked b4, could we somehow just uninstall the whole spooler thing? i do not even have a printer hooked up to this computer.


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 9:33 pm

I'm looking into that.
I don't want to cause any damage in doing so.



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 9:39 pm

by the way, thank you for solving the other problem.


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 9:48 pm

Go to Start > Control Panel > Printer and Faxes.
Delete the default printer, if you have more than the default printer as a printer and it asks you if you would like to make another printer as the new default, say no.

Did you do the services.msc thing to stop the spool service?



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 9:54 pm

what i did: went back into the services.msc and went into print spooler properties, and pressed disable instead of just stop, no printers in the printer/faxes part.

Restarting computer now to test it.


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 10:02 pm

still did not fix it, what the hell.... spooler is disabled, there r no printers installed or hooked into the computer....could it be something with a printer somewhere on my network? i don't have access to any of them but idk could that be messin with it? i don't have any other ideas.


Solved Re: HELP ME PLEASE!

Post by Belahzur on 26th January 2009, 10:05 pm

Me neither.
We'll see if my colleagues have any ideas when he gets online.



Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 10:10 pm

Ok well thank you very much for your help thus far, at least we got rid of 1 problem.


Last edited by jimybob3 on 26th January 2009, 10:12 pm; edited 1 time in total


Solved Re: HELP ME PLEASE!

Post by jimybob3 on 26th January 2009, 10:11 pm

just 1 more question.... should there be 13 svchost.exe's running at once? taking up like 60% of my cpu


Solved Re: HELP ME PLEASE!

Post by Doctor Inferno on 27th January 2009, 2:54 am

Hello.

Download this.

Paste it in C:\WINDOWS\system32\

I'm not sure about svchost, as it is said that it could be malware at times. See what Belahzur says.



Have we helped you? Help us! | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 11976
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104630
# Likes # Likes : 0
