Attached Files
-
ESET_log.txt 810bytes
399 downloads
WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93117 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
[Resolved] A really tough problem!
Started by
quirmche
, Feb 14 2010 05:24 PM
-
This topic is locked
40 replies to this topic
Register to Remove
#17
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 17 February 2010 - 08:59 PM
I manually removed all that stuff, pretty straight forward!
except:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0070611.exe Win32/Toolbar.AskSBar application
Edited by quirmche, 17 February 2010 - 08:59 PM.
#18
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 18 February 2010 - 04:07 AM
How are we doing?
Did Nurse Ratched up your Meds? 
#19
RPMcMurphy
-
- Authentic Member
-
- 2,326 posts
MalwareTeam Emeritus
Posted 18 February 2010 - 06:32 AM
quirmche,
Good enough. One more scan (this one won't take long) then please run DDS and post the fresh log for me, (DDS.txt only, I don't need the Attach.txt this time). Is your computer running better?
Download Rooter.exe to your desktop
Good enough. One more scan (this one won't take long) then please run DDS and post the fresh log for me, (DDS.txt only, I don't need the Attach.txt this time). Is your computer running better?
Download Rooter.exe to your desktop- Then doubleclick it to start the tool
- A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here
- Rooter log
- DDS log
- Any outstanding issues or symptoms with your PC
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
#20
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 18 February 2010 - 11:06 AM
DDS (Ver_09-06-26.01) - NTFSx86
Run by Stephen at 11:54:19.28 on Thu 02/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2555 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100218-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Memturbo 4\MemTurbo.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Stephen\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Highlight - c:\windows\web\highlight.htm
IE: &Links List - c:\windows\web\urllist.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: I&mages List - c:\windows\web\imglist.htm
IE: Open Frame in &New Window - c:\windows\web\frm2new.htm
IE: Zoom &In - c:\windows\web\zoomin.htm
IE: Zoom O&ut - c:\windows\web\zoomout.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156386693853
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158107097781
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-1 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-13 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-1 112592]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-26 236368]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2009-12-30 668912]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-13 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-13 352920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-26 19160]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9ccf99ba708a;Google Update Service (gupdate1c9ccf99ba708a);c:\program files\google\update\GoogleUpdate.exe [2009-5-4 133104]
S3 rootrepeal[1];rootrepeal[1];\??\c:\windows\system32\drivers\rootrepeal[1].sys --> c:\windows\system32\drivers\rootrepeal[1].sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-1 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-1 1141712]
S4 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-12 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-12 234888]
S4 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2007-3-15 57344]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-9-29 13088]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-26 604488]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
============== File Associations ===============
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
=============== Created Last 30 ================
2010-02-15 18:05 <DIR> --d----- C:\ComboFix
2010-02-15 12:17 261,632 a------- c:\windows\PEV.exe
2010-02-15 12:17 161,792 a------- c:\windows\SWREG.exe
2010-02-15 12:17 98,816 a------- c:\windows\sed.exe
2010-02-15 12:17 77,312 a------- c:\windows\MBR.exe
2010-02-14 18:50 <DIR> -cd-h--- c:\windows\ie8
2010-02-14 14:15 1,374 a------- c:\windows\imsins.BAK
2010-02-12 21:40 34,688 a------- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-12 21:40 34,688 a------- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-12 21:31 18,688 a------- c:\windows\system32\drivers\cdaudio.sys
2010-02-12 21:31 18,688 a------- c:\windows\system32\dllcache\cdaudio.sys
2010-02-12 21:31 8,192 a------- c:\windows\system32\dllcache\changer.sys
2010-02-08 17:52 <DIR> --d----- c:\program files\iPod
2010-02-08 17:52 <DIR> --d----- c:\program files\iTunes
2010-02-07 17:44 <DIR> --d----- c:\docume~1\stephen\applic~1\Total Recorder Editor Pro
2010-02-07 17:44 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2010-02-07 17:44 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2010-02-07 17:44 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2010-02-07 17:44 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2010-02-07 17:44 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2010-02-07 17:44 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2010-02-07 17:44 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2010-02-07 17:44 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2010-02-07 17:44 2,084,864 a------- c:\windows\system32\NCTAudioDesign2.dll
2010-02-07 17:44 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2010-02-07 17:44 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2010-02-07 17:44 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-02-07 17:44 <DIR> --d----- c:\program files\Total Recorder Editor Pro
2010-02-06 21:49 139,264 a------- c:\windows\system32\bgsvcgen.exe
2010-02-06 21:49 59,240 a------- c:\windows\system32\GenSvcInst.exe
2010-02-06 21:49 38,944 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-02-02 21:00 <DIR> --d----- c:\documents and settings\stephen\DesktopProblems Book
==================== Find3M ====================
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-31 11:50 353,792 a------- c:\windows\system32\drivers\srv.sys
2009-12-31 11:50 353,792 -------- c:\windows\system32\dllcache\srv.sys
2009-12-26 14:34 68,432 a---h--- c:\windows\system32\mlfcache.dat
2009-12-21 08:19 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-16 13:43 343,040 -------- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-14 02:08 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll
2009-12-11 12:52 152,904 a------- c:\windows\system32\vghd.scr
2009-12-11 03:38 69,120 -------- c:\windows\system32\dllcache\iecompat.dll
2009-12-08 14:27 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 14:26 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-12-08 14:26 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 13:43 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-12-08 13:43 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 13:43 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 04:23 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 13:22 455,424 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 12:11 1,291,776 a------- c:\windows\system32\quartz.dll
2009-11-27 12:11 17,920 a------- c:\windows\system32\msyuv.dll
2009-11-27 12:11 1,291,776 -------- c:\windows\system32\dllcache\quartz.dll
2009-11-27 12:11 17,920 -------- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 11:07 28,672 a------- c:\windows\system32\msvidc32.dll
2009-11-27 11:07 8,704 a------- c:\windows\system32\tsbyuv.dll
2009-11-27 11:07 8,704 a------- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 11:07 28,672 -------- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 11:07 84,992 a------- c:\windows\system32\avifil32.dll
2009-11-27 11:07 48,128 a------- c:\windows\system32\iyuv_32.dll
2009-11-27 11:07 11,264 a------- c:\windows\system32\msrle32.dll
2009-11-27 11:07 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 11:07 48,128 -------- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 11:07 11,264 -------- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 10:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-21 10:51 471,552 -------- c:\windows\system32\dllcache\aclayers.dll
2007-02-24 00:16 87,608 a------- c:\docume~1\stephen\applic~1\ezpinst.exe
2007-02-24 00:16 47,360 a------- c:\docume~1\stephen\applic~1\pcouffin.sys
2006-12-15 16:44 2,584 a------- c:\documents and settings\stephen\winnt32.dll
2006-12-15 16:41 554 a------- c:\documents and settings\stephen\win32.dll
2006-08-23 11:42 88 a--shr-- c:\windows\system32\8FAF4E4293.sys
2007-12-27 12:34 8 a--shr-- c:\windows\system32\9BFCCDF554.sys
2008-03-03 18:35 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-27 17:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat
============= FINISH: 11:55:43.51 ===============
Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
32_bits - x86 Family 15 Model 4 Stepping 7, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:145 Go - Free:39 Go )
D:\ [CD_Rom]
E:\ [Fixed-NTFS] .. ( Total:189 Go - Free:10 Go )
¨
Scan : 11:58.36
Path : C:\Documents and Settings\Stephen\Desktop\Tools\Rooter.exe
User : Stephen ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (860)
______ \??\C:\WINDOWS\system32\csrss.exe (1036)
______ \??\C:\WINDOWS\system32\winlogon.exe (1148)
______ C:\WINDOWS\system32\services.exe (1208)
______ C:\WINDOWS\system32\lsass.exe (1220)
______ C:\WINDOWS\system32\svchost.exe (1420)
______ C:\WINDOWS\system32\svchost.exe (1540)
______ C:\WINDOWS\System32\svchost.exe (1652)
______ C:\WINDOWS\system32\svchost.exe (1752)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (1884)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (1940)
______ C:\WINDOWS\system32\spoolsv.exe (896)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (252)
______ C:\WINDOWS\system32\bgsvcgen.exe (280)
______ C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (324)
______ C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (884)
______ C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (1008)
______ C:\Program Files\Common Files\Motive\McciCMService.exe (1080)
______ C:\Program Files\Verizon\VSP\ServicepointService.exe (1476)
______ C:\Program Files\Dell Support Center\bin\sprtsvc.exe (1552)
______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (1592)
______ C:\WINDOWS\system32\svchost.exe (1604)
______ C:\WINDOWS\system32\MsPMSPSv.exe (1724)
______ C:\Program Files\Xobni\XobniService.exe (1800)
______ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (2496)
______ C:\WINDOWS\System32\alg.exe (3300)
______ C:\WINDOWS\Explorer.EXE (2252)
______ C:\WINDOWS\system32\ctfmon.exe (2080)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (3784)
______ C:\Program Files\iTunes\iTunesHelper.exe (3424)
______ C:\Program Files\Dell Support Center\bin\sprtcmd.exe (2172)
______ C:\Program Files\Digital Line Detect\DLG.exe (1984)
______ C:\Program Files\Memturbo 4\MemTurbo.exe (2728)
______ C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (1104)
______ C:\Program Files\iPod\bin\iPodService.exe (2828)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3124)
______ C:\Program Files\Internet Explorer\IEXPLORE.EXE (3916)
______ C:\WINDOWS\system32\wscntfy.exe (1868)
______ C:\Documents and Settings\Stephen\Desktop\Tools\Rooter.exe (1648)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:57544704)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:57576960 | Length:156543528960)
\Device\Harddisk0\Partition3 (Start_Offset:156601105920 | Length:3397040640)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\1-Click Maintenance.job
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\AWC AutoSweep.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\Malwarebytes' Scheduled Scan for Stephen.job
C:\WINDOWS\Tasks\Malwarebytes' Scheduled Update for Stephen.job
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SCHEDLGU.TXT
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 11:59.15
¨
C:\Rooter$\Rooter_15.txt - (18/02/2010 | 11:59.15)
PC runs good!
Only issue is my iphone, when I plug it in to the usb to backup with itunes the computer beeps three times, then a 10 to 15 second pause then it makes the sound when you disconnect a usb drive froma computer.
I suspect once I rerun Defogger that will go away?
Also, what should I do about:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP197\A0070611.exe Win32/Toolbar.AskSBar application
This is the remaining item from the ESOT scan!
#21
RPMcMurphy
-
- Authentic Member
-
- 2,326 posts
MalwareTeam Emeritus
Posted 18 February 2010 - 03:44 PM
quirmche,
The sounds your PC is making when adding or removing USB devices are normal assuming they are working correctly when inserted. My machine does the same thing. That ESET threat will be removed later when we clean up.
We need to do some work in your registry:
1. Open Notepad.
2. Copy and paste the contents of the below codebox into Notepad.
3. Save the file to your desktop as "fix.reg" (WITH the quotation marks).
5. Reboot.
When you finish that please run DDS again and post the DDS.txt log.
The sounds your PC is making when adding or removing USB devices are normal assuming they are working correctly when inserted. My machine does the same thing. That ESET threat will be removed later when we clean up.
We need to do some work in your registry:1. Open Notepad.
2. Copy and paste the contents of the below codebox into Notepad.
3. Save the file to your desktop as "fix.reg" (WITH the quotation marks).
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
"{A057A204-BACC-4D26-9990-79A187E2698E}"=-
"{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}"=-
[-HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
[-HKEY_CLASSES_ROOT\TYPELIB\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
[-HKEY_CLASSES_ROOT\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}]
[-HKEY_CLASSES_ROOT\TYPELIB\{A057A204-BACC-4D26-9990-79A187E2698E}]
[-HKEY_CLASSES_ROOT\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
[-HKEY_CLASSES_ROOT\TYPELIB\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}]
4. Double click the fix.reg file on your desktop and confirm the prompts that you wish to make the changes.5. Reboot.
When you finish that please run DDS again and post the DDS.txt log.
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""][/url]
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
#22
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 18 February 2010 - 08:07 PM
DDS (Ver_09-06-26.01) - NTFSx86
Run by Stephen at 21:02:26.53 on Thu 02/18/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2482 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100218-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Verizon\VSP\ServicepointService.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Stephen\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://home.verizon.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\textal~1\TAForIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo 4\MemTurbo.exe
StartupFolder: c:\docume~1\stephen\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: &Highlight - c:\windows\web\highlight.htm
IE: &Links List - c:\windows\web\urllist.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: I&mages List - c:\windows\web\imglist.htm
IE: Open Frame in &New Window - c:\windows\web\frm2new.htm
IE: Zoom &In - c:\windows\web\zoomin.htm
IE: Zoom O&ut - c:\windows\web\zoomout.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: musicmatch.com\online
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} - hxxp://www.creative.com/su/ocx/15031/CTSUEng.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/3/d/83d1fe15-fe0f-4bdf-b09c-4e3c49808ec7/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156386693853
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158107097781
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~3\MpShHook.dll
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-12-1 207792]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-13 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-13 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-2-13 138680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2009-12-1 112592]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-1-26 236368]
R2 ServicepointService;ServicepointService;c:\program files\verizon\vsp\ServicepointService.exe [2009-12-30 668912]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2009-10-12 46824]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-1-26 19160]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate1c9ccf99ba708a;Google Update Service (gupdate1c9ccf99ba708a);c:\program files\google\update\GoogleUpdate.exe [2009-5-4 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-2-13 254040]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-2-13 352920]
S3 rootrepeal[1];rootrepeal[1];\??\c:\windows\system32\drivers\rootrepeal[1].sys --> c:\windows\system32\drivers\rootrepeal[1].sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-12-1 359624]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-12-1 1141712]
S4 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\aawservice.exe [?]
S4 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-11-12 464264]
S4 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-11-12 234888]
S4 Cepstral License Server;Cepstral License Server;c:\program files\cepstral\bin\CepstralLicSrv.exe [2007-3-15 57344]
S4 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-9-29 13088]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-8-26 604488]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
============== File Associations ===============
vbefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
vbsfile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
jsefile\shell\open2\command=%SystemRoot%\System32\CScript.exe "%1" %*
=============== Created Last 30 ================
2010-02-15 18:05 <DIR> --d----- C:\ComboFix
2010-02-15 12:17 261,632 a------- c:\windows\PEV.exe
2010-02-15 12:17 161,792 a------- c:\windows\SWREG.exe
2010-02-15 12:17 98,816 a------- c:\windows\sed.exe
2010-02-15 12:17 77,312 a------- c:\windows\MBR.exe
2010-02-14 18:50 <DIR> -cd-h--- c:\windows\ie8
2010-02-14 14:15 1,374 a------- c:\windows\imsins.BAK
2010-02-12 21:40 34,688 a------- c:\windows\system32\drivers\lbrtfdc.sys
2010-02-12 21:40 34,688 a------- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-12 21:31 18,688 a------- c:\windows\system32\drivers\cdaudio.sys
2010-02-12 21:31 18,688 a------- c:\windows\system32\dllcache\cdaudio.sys
2010-02-12 21:31 8,192 a------- c:\windows\system32\dllcache\changer.sys
2010-02-08 17:52 <DIR> --d----- c:\program files\iPod
2010-02-08 17:52 <DIR> --d----- c:\program files\iTunes
2010-02-07 17:44 <DIR> --d----- c:\docume~1\stephen\applic~1\Total Recorder Editor Pro
2010-02-07 17:44 1,212,416 a------- c:\windows\system32\NCTAudioInformation2.dll
2010-02-07 17:44 602,112 a------- c:\windows\system32\NCTAudioTransform2.dll
2010-02-07 17:44 479,232 a------- c:\windows\system32\NCTAudioVisualization2.dll
2010-02-07 17:44 458,752 a------- c:\windows\system32\NCTAudioRecord2.dll
2010-02-07 17:44 458,752 a------- c:\windows\system32\NCTAudioPlayer2.dll
2010-02-07 17:44 417,792 a------- c:\windows\system32\NCTTextToAudio2.dll
2010-02-07 17:44 348,160 a------- c:\windows\system32\NCTWMAFile2.dll
2010-02-07 17:44 113,486 a------- c:\windows\system32\NCTWMAProfiles.prx
2010-02-07 17:44 2,084,864 a------- c:\windows\system32\NCTAudioDesign2.dll
2010-02-07 17:44 1,986,560 a------- c:\windows\system32\NCTAudioFile2.dll
2010-02-07 17:44 880,640 a------- c:\windows\system32\NCTAudioEditor2.dll
2010-02-07 17:44 835,584 a------- c:\windows\system32\NCTAudioCDGrabber2.dll
2010-02-07 17:44 <DIR> --d----- c:\program files\Total Recorder Editor Pro
2010-02-06 21:49 139,264 a------- c:\windows\system32\bgsvcgen.exe
2010-02-06 21:49 59,240 a------- c:\windows\system32\GenSvcInst.exe
2010-02-06 21:49 38,944 a------- c:\windows\system32\drivers\CDRBSDRV.SYS
2010-02-02 21:00 <DIR> --d----- c:\documents and settings\stephen\DesktopProblems Book
==================== Find3M ====================
2010-01-07 16:07 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-12-31 11:50 353,792 a------- c:\windows\system32\drivers\srv.sys
2009-12-31 11:50 353,792 -------- c:\windows\system32\dllcache\srv.sys
2009-12-26 14:34 68,432 a---h--- c:\windows\system32\mlfcache.dat
2009-12-21 08:19 173,056 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-16 13:43 343,040 a------- c:\windows\system32\mspaint.exe
2009-12-16 13:43 343,040 -------- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 02:08 33,280 a------- c:\windows\system32\csrsrv.dll
2009-12-14 02:08 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll
2009-12-11 12:52 152,904 a------- c:\windows\system32\vghd.scr
2009-12-11 03:38 69,120 -------- c:\windows\system32\dllcache\iecompat.dll
2009-12-08 14:27 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-08 14:26 2,145,280 -------- c:\windows\system32\ntoskrnl.exe
2009-12-08 14:26 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-08 13:43 2,023,936 -------- c:\windows\system32\ntkrnlpa.exe
2009-12-08 13:43 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 13:43 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-08 04:23 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 13:22 455,424 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 12:11 1,291,776 a------- c:\windows\system32\quartz.dll
2009-11-27 12:11 17,920 a------- c:\windows\system32\msyuv.dll
2009-11-27 12:11 1,291,776 -------- c:\windows\system32\dllcache\quartz.dll
2009-11-27 12:11 17,920 -------- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 11:07 28,672 a------- c:\windows\system32\msvidc32.dll
2009-11-27 11:07 8,704 a------- c:\windows\system32\tsbyuv.dll
2009-11-27 11:07 8,704 a------- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 11:07 28,672 -------- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 11:07 84,992 a------- c:\windows\system32\avifil32.dll
2009-11-27 11:07 48,128 a------- c:\windows\system32\iyuv_32.dll
2009-11-27 11:07 11,264 a------- c:\windows\system32\msrle32.dll
2009-11-27 11:07 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 11:07 48,128 -------- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 11:07 11,264 -------- c:\windows\system32\dllcache\msrle32.dll
2009-11-21 10:51 471,552 a------- c:\windows\apppatch\aclayers.dll
2009-11-21 10:51 471,552 -------- c:\windows\system32\dllcache\aclayers.dll
2007-02-24 00:16 87,608 a------- c:\docume~1\stephen\applic~1\ezpinst.exe
2007-02-24 00:16 47,360 a------- c:\docume~1\stephen\applic~1\pcouffin.sys
2006-12-15 16:44 2,584 a------- c:\documents and settings\stephen\winnt32.dll
2006-12-15 16:41 554 a------- c:\documents and settings\stephen\win32.dll
2006-08-23 11:42 88 a--shr-- c:\windows\system32\8FAF4E4293.sys
2007-12-27 12:34 8 a--shr-- c:\windows\system32\9BFCCDF554.sys
2008-03-03 18:35 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-27 17:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat
============= FINISH: 21:03:49.46 ===============
Re: usb question
I guess what I really wanted to say is my PC is not recognizing my iphone so I can sync it up to itunes. It's either itunes or the usb drivers that could be the problem, I don't know. That is my only known issue at this point.
Otherwise, you have help greatly and I thank you for your time and patience!!!!
#23
RPMcMurphy
-
- Authentic Member
-
- 2,326 posts
MalwareTeam Emeritus
Posted 19 February 2010 - 05:40 AM
quirmche,
Your logs look clean - Good job! Now we have some important cleanup and housekeeping to do though. These steps will also remove that other threat ESET found and hopefully get your USB issue resolved (if it doesn't, let me know). Are you able to see your iPhone in "My Computer" when you plug it in?
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
Uninstall ComboFix
To re-enable your Emulation drivers, double click DeFogger to run the tool.
Your Emulation drivers are now re-enabled.
Now to remove most of the tools that we have used in fixing your machine: Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
Your logs look clean - Good job! Now we have some important cleanup and housekeeping to do though. These steps will also remove that other threat ESET found and hopefully get your USB issue resolved (if it doesn't, let me know). Are you able to see your iPhone in "My Computer" when you plug it in?
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.Please follow these steps to remove older version Java components and update.
- Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
- Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 18. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
- Click the "Download" button to the right.
- Select the Windows platform from the dropdown menu.
- Read the License Agreement and then check the box that says: " I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue.The page will refresh.
- Click on the link to download Windows Offline Installation and save the file to your desktop.
- Close any programs you may have running - especially your web browser.
- Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
- Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java™ 6) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.
- After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked[list]
Applications and AppletsTrace and Log Files
- Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE. - Click OK to leave the Temporary Files Window
- Click OK to leave the Java Control Panel.
Uninstall ComboFix- Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens:
Combofix /Uninstall
To re-enable your Emulation drivers, double click DeFogger to run the tool.- The application window will appear
- Click the Re-enable button to re-enable your CD Emulation drivers
- Click Yes to continue
- A 'Finished!' message will appear
- Click OK
- DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.
Now to remove most of the tools that we have used in fixing your machine:- Make sure you have an Internet Connection.
- Download OTC to your desktop and run it
- A list of tool components used in the cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
- Click Yes to begin the cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose Yes.
- Manually delete any remaining logs or tools from our fixes
Finally, I'd like to make a couple of suggestions to help you stay clean in the future:- Restart any anti-malware programs that we disabled while we were cleaning your machine.
- Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
- Avoid using P2P programs, cracks and keygens! Refer back to my earlier post for more information.
- Consider running in a limited user account. See this post for more information.
- Please carefully review the information in our Security - Best Practices and Prevention forum located HERE
Edited by RPMcMurphy, 19 February 2010 - 05:45 AM.
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""][/url]
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
#24
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 19 February 2010 - 10:08 PM
OK, finished up all the requested touches from your last post.
I want to thank you very much for your help! My computer works very well at this point!
Two issues remain:
I want to thank you very much for your help! My computer works very well at this point!
Two issues remain:
- iphone is still not recognized
- Computer start up is still very slow and seems to get stuck
#25
RPMcMurphy
-
- Authentic Member
-
- 2,326 posts
MalwareTeam Emeritus
Posted 20 February 2010 - 05:22 AM
quirmche,
iTunes and QuickTime were both infected. I cleaned them with ComboFix, but it is possible they were damaged or corrupted in the process. Please uninstall iTunes and QuickTime via Control Panel > Add / Remove programs, then download a fresh copy from HERE and reinstall them.
Let me know if that helps. Also let me know if your iPhone is recoginzed by Windows in "My Computer"
iTunes and QuickTime were both infected. I cleaned them with ComboFix, but it is possible they were damaged or corrupted in the process. Please uninstall iTunes and QuickTime via Control Panel > Add / Remove programs, then download a fresh copy from HERE and reinstall them.
Let me know if that helps. Also let me know if your iPhone is recoginzed by Windows in "My Computer"
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""][/url]
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
Register to Remove
#26
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 20 February 2010 - 05:55 AM
Sorry about that, you did ask that before!
Currently, (before unistall/install) it is not being recognized by Windows.
I will follow your post and report back, thanks! 
#27
RPMcMurphy
-
- Authentic Member
-
- 2,326 posts
MalwareTeam Emeritus
Posted 20 February 2010 - 05:56 AM
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""][/url]
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
#28
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 20 February 2010 - 11:08 AM
OK, removed via control panel >add/remove programs
went to C;\program file and deleted any remaining folders
ran ATF Cleaner, CCleaner, Uniblue Speedup My PC, & Uniblue Registry booster 2009.
Noticed upon reboot PC was quicker!
Did a clean install of quicktime & itunes but the iphone is still not recognized either by itunes or Windows My Computer.
Do you think it has to do with Windows or USB drivers?
#29
RPMcMurphy
-
- Authentic Member
-
- 2,326 posts
MalwareTeam Emeritus
Posted 20 February 2010 - 02:36 PM
quirmche,
OK, don't run anymore tools right now.
First, thy this:
OK, don't run anymore tools right now.
First, thy this:
- Click Start > Run or Press the Windows Key + R and enter the following into the run box that opens:
services.msc - Find "Apple Mobile Device".
- In the "status" column it will tell you if the process is started or not, and the "startup type" column will tell you if the process will start automatically when windows starts. Set the status to "started" and the startup type to "automatic".
- To do this right click on this process, and then click on "Properties"
- In the "general" tab find the "startup type" drop-down arrow menu and make sure "automatic" is selected. Select it if it is not.
- Also in the general tab check the "service status". If it does not say "started" then click the start button.
- At the bottom of the properties window click "apply"
- Do you have any other USB devices that are working properly?
- Have you tried different USB ports with the iPhone?
- Open Device Manager - Click Start > Run or Press the Windows Key + R and enter the following into the run box that opens:
mmc devmgmt.msc
Are there any question marks or exclamation points next to any of the devices listed?
If you are being helped and you haven't replied within 5 days your topic will be closed as inactive.
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""][/url]
ASAP & UNITE Member - Proud Graduate of the WTT Classroom
The help you receive here is free. If you wish to show your appreciation, then you may [url="https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=RPMcMurphy%40whatthetech%2ecom&lc=US&item_name=RPMcMurphy¤cy_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted""]
[/url]
#30
quirmche
-
- Authentic Member
-
- 46 posts
Authentic Member
Posted 21 February 2010 - 11:41 AM
Ok, I opened Apple Mobile Device and the status was already set to "started" and the startup type to "automatic".
Do you have any other USB devices that are working properly?
Yes, my mouse is wireless with a usb key, I also have two data usb keys cruzer micro, and PNY and both are recognized in My Computer. However, my iphone and my creative nomad mp3 player are not recognized and they have that strange three beep sound that I'll call the "not recognized sound" when plugged in.
I had the same thing occur a few years back with my Palm Treo 650 not being recognized and it didn't work until I got a new one after my original broke.
Have you tried different USB ports with the iPhone?
Yes
Open Device Manager - Click Start > Run or Press the Windows Key + R and enter the following into the run box that opens:
mmc devmgmt.msc
Are there any question marks or exclamation points next to any of the devices listed?
See pics!
Do you have any other USB devices that are working properly?
Yes, my mouse is wireless with a usb key, I also have two data usb keys cruzer micro, and PNY and both are recognized in My Computer. However, my iphone and my creative nomad mp3 player are not recognized and they have that strange three beep sound that I'll call the "not recognized sound" when plugged in.
I had the same thing occur a few years back with my Palm Treo 650 not being recognized and it didn't work until I got a new one after my original broke.
Have you tried different USB ports with the iPhone?
Yes
Open Device Manager - Click Start > Run or Press the Windows Key + R and enter the following into the run box that opens:
mmc devmgmt.msc
Are there any question marks or exclamation points next to any of the devices listed?
See pics!
Attached Thumbnails
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
