Reinstalling windows

P

Prian

New Member
URGENT now as my computer is coming up with the same threat every time!
Hi guys, i'm new and i need some help!
Well I somehow got some viruses, which have messed up my computer, i have run AVG and it has deleted some of them but my computer is still buggerd, so i put in the recovery cdrom and when i try to reinstall windows it comes up with an error message that says something along the lines of "Cannot find file m5289.sys" i have quite a few important windows files missing because of the viruses and need to know how to stop that error message coming up and how to reinstall windows, thanks for your help.
Prian.
 
Last edited:
When reinstalling Windows, it doesn't matter what's on the HDD, all the necessary data is contained on the CD.

Where is this error message appearing? Is this a legit Windows CD you have?
 
The error message comes up on to the screen after i restart, when it says what i would like to start up, "windows xp professional media edition setup" or something along the lines of that, then i press enter and it starts to scan for files and comes up with the error message.
The cd is the one that came with my mesh pc and says on it, "MESH Computers Recovery CD-ROM" and "Windows XP Midea Center Version 2005 sp2" and some other stuff.
 
It's not all lost, don't panic.
I want to see how badly are you infected, if you are infected at all.
Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 
Logfile of HijackThis v1.99.1
Scan saved at 18:57:47, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Prian Patel\Desktop\hij\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.meshcomputers.com/
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 services.google.com
O1 - Hosts: 1.1.1.1 www.webroot.com
O1 - Hosts: 1.1.1.1 webroot.com
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCMService] -"C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] -"C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Ptipbmf] -rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] -C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] -"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] -"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] -C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrevxOne] -"C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lsass] -"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [9cab41ab] rundll32.exe "C:\WINDOWS\system32\uvelbual.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] -
O4 - HKCU\..\Run: [lsass] -
O4 - HKCU\..\Run: [PowerBar] -"C:\Program Files\CyberLink\PowerStarter\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DW_Start.lnk = C:\Documents and Settings\Prian Patel\Local Settings\Temp\build_dol.exe
O4 - Startup: lsass.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmbzvbz.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - -"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing)
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - -"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe (file missing)
O23 - Service: CyberLink Media Library Service - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Unknown owner - -"C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - -"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
 
Hello!
I've PM-ed an expert on this site, ceewi1.
He will surely help you when/if he gets time.
The thing is, I am not sure how to fix this, it seems as a hard case, and better not to try , I can blow sth up.
I am really unsure about those 01-s, and I have found couple of nasties more there so...
Sorry, keep on this site, ceewi1 comes here usually at this time!
 
We should be able to fix this without resorting to reinstalling Windows, but if you do wish to reinstall Windows, you will need to boot from the installation CD to do so. This will likely involve changing the boot order in the BIOS to boot from CD first.

1. Please download this file - ComboFix to your desktop
2. Double click ComboFix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply together with a new HijackThis log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall
 
Combofix report.

ComboFix 08-02.05.3 - Prian Patel 2008-02-08 16:39:23.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.548 [GMT 0:00]
Running from: C:\Documents and Settings\Prian Patel\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Prian Patel\Application Data\install.dat
C:\Documents and Settings\Prian Patel\Application Data\ultra
C:\Documents and Settings\Prian Patel\Start Menu\Programs\Startup\DW_Start.lnk
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\conf.dat
C:\WINDOWS\system32\jknrglac.dllbox
C:\WINDOWS\system32\laublevu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini2
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tkgqqfff.ini
C:\WINDOWS\wr.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF


((((((((((((((((((((((((( Files Created from 2008-01-08 to 2008-02-08 )))))))))))))))))))))))))))))))
.

2008-02-07 19:11 . 2008-02-08 16:15 <DIR> d-------- C:\Documents and Settings\Prian Patel\Application Data\AVG7
2008-02-07 19:11 . 2008-02-07 19:11 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-07 18:50 . 2008-02-07 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-07 17:29 . 2008-02-07 17:29 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-02-07 16:57 . 2008-02-07 16:57 <DIR> d-------- C:\$WIN_NT$.~LS
2008-02-07 16:40 . 2006-06-08 16:33 485,203 -ra------ C:\txtsetup.sif
2008-02-07 16:40 . 2006-03-15 12:00 260,272 -ra------ C:\$LDR$
2008-02-06 21:25 . 2008-02-06 21:25 <DIR> d-------- C:\Program Files\HighMAT CD Writing Wizard
2008-02-06 19:57 . 2008-02-06 19:57 <DIR> d-------- C:\Documents and Settings\Prian Patel\Application Data\Grisoft
2008-02-06 19:55 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-06 17:31 . 2008-02-06 17:31 1 --a------ C:\WINDOWS\system32\rc.dat
2008-02-06 17:31 . 2008-02-06 17:31 1 --a------ C:\WINDOWS\system32\ps1.dat
2008-02-06 17:31 . 2008-02-06 17:31 1 --a------ C:\WINDOWS\system32\cs.dat
2008-02-06 17:29 . 2008-02-06 17:29 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-02-06 17:28 . 2008-02-06 17:28 54,764 --a------ C:\WINDOWS\system32\jnhjkfrn
2008-02-06 17:28 . 2008-02-06 17:28 53,760 --a------ C:\WINDOWS\system32\btask.dll
2008-02-06 17:28 . 2008-02-06 17:28 16,384 --a------ C:\WINDOWS\system32\mmmbzvbz.dll
2008-02-06 17:28 . 2008-02-06 17:28 13,312 --a------ C:\njjl.exe
2008-02-06 17:28 . 2008-02-06 17:28 2 --a------ C:\-1666498300
2008-02-05 16:40 . 2008-02-05 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-02-01 18:34 . 2008-02-01 18:34 67 --a------ C:\WINDOWS\DVDRegionFree.INI
2008-01-31 21:45 . 2008-01-31 21:45 <DIR> d-------- C:\Documents and Settings\Prian Patel\Application Data\Uniblue
2008-01-31 21:29 . 2008-01-31 21:30 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-31 21:28 . 2008-01-31 21:28 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-31 21:15 . 2008-01-31 21:35 117,158 --a------ C:\WINDOWS\hpoins11.dat
2008-01-30 16:22 . 2008-01-30 16:22 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-01-30 16:21 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-01-30 16:21 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 19:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:15 --------- d-----w C:\Program Files\SlySoft
2008-01-22 19:56 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-01-02 19:26 --------- d-----w C:\Program Files\Google
2008-01-02 15:33 --------- d-----w C:\Program Files\Sony
2007-12-24 07:15 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-22 20:51 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-22 20:50 --------- d-----w C:\Program Files\iPod
2007-12-22 20:24 --------- d-----w C:\Documents and Settings\Prian Patel\Application Data\OpenOffice.org2
2007-12-21 21:18 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 21:18 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-21 09:38 --------- d-----w C:\Documents and Settings\Prian Patel\Application Data\vlc
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57fbe3a8-bfe2-43ae-802e-02352e98200c}]
C:\WINDOWS\system32\prdavsyb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7F3D47D-C17F-4D5C-A5B7-F7A5B32B8725}]
C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1290342-AAFF-4f7c-9F45-D665E4BF1A00}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-ABCD-7DD20B8622FF}]
C:\Program Files\Helper\1202318978.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 19:00 15360]
"MsnMsgr"="-C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"Power2GoExpress"="-" []
"lsass"="-" []
"PowerBar"="-C:\Program Files\CyberLink\PowerStarter\PowerBar.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="-C:\WINDOWS\ehome\ehtray.exe" [ ]
"PCMService"="-C:\Program Files\CyberLink\PowerCinema\PCMService.exe" [ ]
"RemoteControl"="-C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="-C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe" [ ]
"Ptipbmf"="-ptipbmf.dll" []
"High Definition Audio Property Page Shortcut"="-HDAShCut.exe" []
"SoundMAXPnP"="-C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"SoundMAX"="-C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [ ]
"NvCplDaemon"="-C:\WINDOWS\system32\NvCpl.dll" [ ]
"nwiz"="-nwiz.exe" []
"NvMediaCenter"="-C:\WINDOWS\system32\NvMcTray.dll" [ ]
"TkBellExe"="-C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"HP Software Update"="-C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [ ]
"PrevxOne"="-C:\Program Files\Prevx2\PXConsole.exe" [ ]
"QuickTime Task"="-C:\Program Files\QuickTime\qttask.exe" [ ]
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"SunJavaUpdateSched"="-C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [ ]
"9cab41ab"="C:\WINDOWS\system32\uvelbual.dll" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-07 19:11 579072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 19:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-07 19:11 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jknrglac]
jknrglac.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqrpqq]
ssqrpqq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\WINDOWS\system32\mmmbzvbz.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\hshkgq\lsass.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\system32\hshkgq\lsass.exe

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-11-04 12:16]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 19:00]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-07-28 19:28]
S3 EC168BDA;EC168BDA service;C:\WINDOWS\system32\DRIVERS\EC168BDA.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 14:54]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 14:54]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 14:54]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 14:54]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 14:54]
S4 m5287;m5287;C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 07:00]
S4 m5289;m5289;C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 10:49]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da320b0a-e07a-11db-b293-001150b3c53a}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 17:57:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 16:45:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2008-02-08 16:48:36 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-08 16:48:31
.
2008-01-09 22:04:18 --- E O F ---




Hijack this report.

Logfile of HijackThis v1.99.1
Scan saved at 16:51:10, on 08/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Prian Patel\Desktop\hij\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.meshcomputers.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {c00289e2-5320-e208-ea34-2efb8a3ebf75} - {57fbe3a8-bfe2-43ae-802e-02352e98200c} - C:\WINDOWS\system32\prdavsyb.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: (no name) - {C7F3D47D-C17F-4D5C-A5B7-F7A5B32B8725} - C:\WINDOWS\system32\awvtq.dll (file missing)
O2 - BHO: Google Module - {E1290342-AAFF-4f7c-9F45-D665E4BF1A00} - btask.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-ABCD-7DD20B8622FF} - C:\Program Files\Helper\1202318978.dll (file missing)
O4 - HKLM\..\Run: [ehTray] -C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCMService] -"C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] -"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] -"C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [Ptipbmf] -rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] -HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] -C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] -"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] -RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] -nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] -RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] -"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] -C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PrevxOne] -"C:\Program Files\Prevx2\PXConsole.exe"
O4 - HKLM\..\Run: [QuickTime Task] -"C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [9cab41ab] rundll32.exe "C:\WINDOWS\system32\uvelbual.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] -"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] -
O4 - HKCU\..\Run: [lsass] -
O4 - HKCU\..\Run: [PowerBar] -"C:\Program Files\CyberLink\PowerStarter\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: lsass.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\mmmbzvbz.dll
O20 - Winlogon Notify: jknrglac - jknrglac.dll (file missing)
O20 - Winlogon Notify: ssqrpqq - ssqrpqq.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - -"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Unknown owner - -"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - -"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe (file missing)
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - -"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe (file missing)
O23 - Service: CyberLink Media Library Service - Unknown owner - -"C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - -"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - -"C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - -"C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - -"C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe (file missing)
 
There are also other problems like, when i press the volume buttons on my keyboard the bar on the screen showing me how loud it is does not show up and i cannot access Photoshop which i need for school work, i get this error message when i try to access Photoshop.
http://s132.photobucket.com/albums/q7/PrIaN/?action=view&current=ss.jpg
It says "you are not aloud to continue because your account does not have the proper privileges. Please log in using an account with administrative privileges and try again." and i also get messages when i start up saying that i have files missing.
Sorry for being impatient but i have a photography deadline on the 12th and i need Photoshop.:P
 
Dont worry now guys, i reinstalled windows as i needed to do so much school work. Sorry for waisting your time.
 
You must log in or register to reply here.
Back
Top