
WMP doesn't work

Discussion in 'Malware and Virus Removal Archive' started by annabanana973, 2007/01/06.

Thread Status:
Not open for further replies.
  1. 2007/01/06
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    I can't get my windows media player to play sound EVER.

    I get this message:
    An audio codec is needed to play this file. To determine if this codec is available to download from the Web, click Web Help.
     
  2. 2007/01/07
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Yay, another problem...

    I get this message...

    NOTICE: Your computer has tracks of all adult sites you had visited. In most cases, you are not even aware of the files that get installed by themselves, violate your online privacy and could compromise your career and your marriage. These files leave tracks for your online behavior and even compromise your credit card's security. It is possible to clean up all the temporary and history records of your computer to remove these tracks.

    Would you like to install DriverCleaner to check your computer for free? (Recommended)

    Yes, how do I get rid of this spyware? :p
     


  4. 2007/01/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Download and run HijackThis:

    Download from here http://radiosplace.com/ latest version 1.99.1

    Download it to its own folder, for example create a folder C:\HijackThis

    unzip (double click on zipped folder)

    click on the execute

    click on Do a system scan and save a logfile and save to the folder you just created

    copy resultant .txt file and paste into your next post

    Post the log to the Virus Spyware Removal Section with a link back to this post.

    Regards - Charles
     
  5. 2007/01/07
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    HiJackThis Log

    Logfile of HijackThis v1.99.1
    Scan saved at 5:28:52 PM, on 1/7/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\WgaTray.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - User Startup: Adobe Gamma.lnk = C:\Program Files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167871446015
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
     
  6. 2007/01/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Yes, you do have malware running.

    I'm moving your thread to the Removal section. You'll get notifications when someone posts to this thread there.

    Regards - Charles
     
  7. 2007/01/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    OK, so how did this manage to happen?? We removed WinBudget a few days ago. <head scratch>:confused:

    And this is the first I'm hearing of any messages about Drive Cleaner too.

    Let's do the following:
    What I'd like you to do is rename the HijackThis executable, hijackthis.exe, to <anything of your choice>.exe, as long as you change its name.

    Access your Add or Remove Programs Control Panel by hitting your [Start] button, select Control Panel and click on Add or Remove Programs. Then find the following programs and click the [Change|Remove] button for each, if they are listed. If they are not, continue with instructions
    WinBudget


    Run HJT, and place a check next to the following lines, then, with all browsers and windows closed, hit 'Fix checked':

    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll

    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the <F8> key.
    Use the arrow keys to highlight Safe Mode and press the <Enter> key.

    Also, enable the 'Show Hidden Folders' option, like this:
    Click Start.
    Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    Open 'My Computer' and select the 'Search' feature. Then click the 'All files and folders' button. Click the 'More advanced search options' button and be sure the 'Search system folders', 'Search hidden files and folders' and 'Search subfolders' boxes are check marked then search for and delete, if found, (some may not be present after previous steps) the following files/folders:
    C:\Program Files\WinBudget<<<<---this folder

    To exit Safe Mode, click the Start button, click Turn Off Computer, click Restart.

    Once rebooted, I'd like you to use the ComboFix tool we used the other day, if you don't still have it:
    Download combofix.exe
    • Double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

    Post both logs for me.

    I'm going to lock the other thread about Sophos anti-virus, we'll deal with getting you some av protection in this thread.
     
  8. 2007/01/08
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    ComboFix Logfile

    The only winbudget I saw was.. C:\Program Files\WinBudget\bin and I deleted that.


    Anna Luzzi - 07-01-08 17:00:25.29 Service Pack 2
    ComboFix 06.11.27 - Running from: "C:\Virus Helpers "

    ((((((((((((((((((((((((((((((( Files Created from 2006-12-08 to 2007-01-08 ))))))))))))))))))))))))))))))))))


    2007-01-07 18:31 1,233,920 --a------ E:\WINDOWS\system32\msxml4.dll
    2007-01-07 18:30 82,432 --a------ E:\WINDOWS\system32\msxml4r.dll
    2007-01-07 18:30 24,064 --a------ E:\WINDOWS\system32\drivers\savonaccessfilter.sys
    2007-01-07 18:29 80,128 --a------ E:\WINDOWS\system32\drivers\savonaccesscontrol.sys
    2007-01-06 02:46 <DIR> d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\F-Secure
    2007-01-06 02:06 140,288 --a------ E:\WINDOWS\system32\sfc_os.dll
    2007-01-01 23:27 2,654 --a------ E:\WINDOWS\system32\tmp.reg
    2007-01-01 23:25 79,360 --a------ E:\WINDOWS\system32\swxcacls.exe
    2007-01-01 23:25 53,248 --a------ E:\WINDOWS\system32\Process.exe
    2007-01-01 23:25 51,200 --a------ E:\WINDOWS\system32\dumphive.exe
    2007-01-01 23:25 40,960 --a------ E:\WINDOWS\system32\swsc.exe
    2007-01-01 23:25 288,417 --a------ E:\WINDOWS\system32\SrchSTS.exe
    2007-01-01 23:25 135,168 --a------ E:\WINDOWS\system32\swreg.exe
    2006-12-31 23:38 <DIR> dr-h----- E:\$VAULT$.AVG
    2006-12-31 23:38 <DIR> d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\AVG7
    2006-12-31 23:28 <DIR> d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\american dad screenmate
    2006-12-31 22:04 <DIR> d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Uniblue
    2006-12-19 22:47 <DIR> d-------- E:\Documents and Settings\Anna Luzzi.ANNA\.housecall6.6
    2006-12-19 22:47 <DIR> d-------- E:\Documents and Settings\Anna Luzzi.ANNA\.housecall6.6
    2006-12-19 21:54 <DIR> d-------- E:\Documents and Settings\Administrator.ANNA
    2006-12-19 21:19 <DIR> d-------- E:\Documents and Settings\Administrator


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-08 17:01 1997 --a------ E:\ComboFix.txt
    2007-01-08 17:01 1997 --a------ E:\ComboFix.txt
    2007-01-08 14:26 -------- d-------- E:\Documents and Settings
    2007-01-08 14:26 -------- d-------- E:\Documents and Settings
    2007-01-06 21:46 -------- d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Lavasoft
    2007-01-06 04:05 -------- d-------- E:\WINDOWS
    2007-01-06 04:05 -------- d-------- E:\WINDOWS
    2007-01-03 13:08 -------- d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\dvdcss
    2007-01-03 08:23 139264 --a------ E:\WINDOWS\system32\hpzjrd01.dll
    2007-01-01 02:19 -------- d--hs---- E:\RECYCLER
    2007-01-01 02:19 -------- d--hs---- E:\RECYCLER
    2006-12-31 03:47 -------- dr------- E:\Program Files
    2006-12-31 03:47 -------- dr------- E:\Program Files
    2006-12-24 23:44 -------- d-------- E:\TEMP
    2006-12-24 23:44 -------- d-------- E:\TEMP
    2006-12-19 15:45 2764 --ah----- E:\IPH.PH
    2006-12-19 15:45 2764 --ah----- E:\IPH.PH
    2006-12-07 00:29 2374472 --a------ E:\WINDOWS\system32\wmvcore.dll
    2006-11-27 22:07 -------- d-------- E:\Documents and Settings\Anna Luzzi.ANNA\Application Data\Skype
    2006-11-08 00:06 679424 --a------ E:\WINDOWS\system32\inetcomm.dll
    2006-10-19 08:56 713216 --a------ E:\WINDOWS\system32\sxs.dll
    2006-10-13 07:35 65536 --a------ E:\WINDOWS\system32\nwwks.dll
    2006-10-13 07:35 64000 --a------ E:\WINDOWS\system32\nwapi32.dll
    2006-10-13 07:35 142336 --a------ E:\WINDOWS\system32\nwprovau.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "\ "C:\\Program Files\\Common Files\\Ahead\\lib\\NMBgMonitor.exe\" "
    "Syscpy "=" "
    "DIRECT! "=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
    "IPConfig "=" "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "HP Software Update "= "\ "C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\" "
    "QuickTime Task "= "\ "C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "NoChange "= "1 "
    "Installed "= "1 "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed "= "1 "

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion "=dword:00000110
    "DeskHtmlMinorVersion "=dword:00000005
    "Settings "=dword:00000001
    "GeneralFlags "=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "
    "Flags "=dword:00000002
    "Position "=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState "=hex:04,00,00,40
    "OriginalStateInfo "=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,de,03,\
    00,00,04,00,00,40
    "RestoredStateInfo "=hex:18,00,00,00,4b,00,00,00,00,00,00,00,b5,04,00,00,de,03,\
    00,00,01,00,00,00

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1} "= "Browseui preloader "
    "{8C7461EF-2B13-11d2-BE35-3078302C2030} "= "Component Categories cache daemon "

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972} "=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Wallpaper "=" "

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000000
    "NoActiveDesktop "=dword:00000000
    "ClassicShell "=dword:00000000
    "ForceActiveDesktopOn "=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername "=dword:00000000
    "legalnoticecaption "=" "
    "legalnoticetext "=" "
    "shutdownwithoutlogon "=dword:00000001
    "undockwithoutlogon "=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=dword:00000000

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system]
    "DisableTaskMgr "=dword:00000000

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun "=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder "= "{7849596a-48ea-486e-8937-a2a3009f31a9} "
    "CDBurn "= "{fbeb8a05-beee-4442-804e-409d6c4515e9} "
    "WebCheck "= "{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "
    "SysTray "= "{35CEC8A3-2BE6-11D2-8773-92E220524153} "

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "rpcapd "=dword:00000003
    "CAISafe "=dword:00000003
    "Browser "=dword:00000002
    "BITS "=dword:00000003
    "AudioSrv "=dword:00000002
    "AppMgmt "=dword:00000003
    "ALG "=dword:00000003
    "ColdFusion MX ODBC Server "=dword:00000002
    "ColdFusion MX ODBC Agent "=dword:00000002
    "ColdFusion MX Application Server "=dword:00000002
    "Adobe LM Service "=dword:00000003
    "vsmon "=dword:00000002
    "iPodService "=dword:00000003
    "IDriverT "=dword:00000003

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders "= "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll "

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\SAVService


    ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

    backup-20070108-162905-299
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    backup-20070103-022726-448
    O4 - HKCU\..\Run: [Uniblue SpyEraser] "c:\program files\uniblue\spyeraser\spyeraser.exe" -m
    backup-20070102-223245-382
    O20 - Winlogon Notify: winsys2freg - E:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
    backup-20070102-223200-234
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
    backup-20070102-223200-963
    O15 - Trusted Zone: *.snipernet.biz (HKLM)
    backup-20070102-223200-952
    O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
    backup-20070102-223200-935
    O15 - Trusted Zone: *.mediatickets.net (HKLM)
    backup-20070102-223200-913
    O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
    backup-20070102-223200-994
    O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    backup-20070102-223200-640
    O15 - Trusted Zone: *.systemdoctor.com
    backup-20070102-223200-582
    O15 - Trusted Zone: *.winantivirus.com
    backup-20070102-223200-106
    O15 - Trusted Zone: *.dollarrevenue.com
    backup-20070102-223200-144
    O15 - Trusted Zone: *.systemdoctor.com (HKLM)
    backup-20070102-223200-176
    O15 - Trusted Zone: *.imagesrvr.com (HKLM)
    backup-20070102-223200-184
    O15 - Trusted Zone: *.imagesrvr.com
    backup-20070102-223200-682
    O15 - Trusted Zone: *.matcash.com
    backup-20070102-223200-238
    O15 - Trusted Zone: *.matcash.com (HKLM)
    backup-20070102-223200-287
    O15 - Trusted Zone: *.snipernet.biz
    backup-20070102-223200-454
    O15 - Trusted Zone: *.media-motor.com
    backup-20070102-223200-334
    O15 - Trusted Zone: *.winantivirus.com (HKLM)
    backup-20070102-223200-377
    O15 - Trusted Zone: *.adgate.info
    backup-20070102-223200-405
    O15 - Trusted Zone: *.mediatickets.net
    backup-20070102-223200-441
    O15 - Trusted Zone: *.adgate.info (HKLM)
    backup-20070102-223200-522
    O15 - Trusted Zone: *.media-motor.com (HKLM)
    backup-20070102-223200-313
    O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe (file missing)
    backup-20070102-223200-704
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070102-223159-671
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    backup-20070102-223159-186
    O4 - HKLM\..\Run: [{6831F5EA-0960-1033-0430-020624030001}] "C:\Program Files\Common Files\{6831F5EA-0960-1033-0430-020624030001}\Update.exe" te-110-12-0000213
    backup-20070102-223159-934
    O4 - HKLM\..\Run: [sdfghjgewaertyutrew.exe] E:\WINDOWS\system32\sdfghjgewaertyutrew.exe
    backup-20070102-223159-550
    O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
    backup-20070102-223159-517
    O4 - HKLM\..\Run: [pop06ap] E:\WINDOWS\pop06ap2.exe
    backup-20070102-223159-414
    O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - E:\WINDOWS\system32\nweipeg.dll (file missing)
    backup-20070102-223159-229
    O2 - BHO: BHO - {9BB5B49C-0D59-418d-A6A5-F6373B8FEF64} - C:\Program Files\BHO Plugin\plugin1.dll
    backup-20070102-223159-318
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    backup-20070102-223159-179
    O4 - HKLM\..\Run: [hrcopul.dll] E:\WINDOWS\system32\rundll32.exe "E:\Documents and Settings\Anna Luzzi.ANNA\Local Settings\Application Data\hrcopul.dll ",vuljcec
    backup-20070102-223159-770
    R3 - URLSearchHook: (no name) - {2C5AA40E-8814-4EB6-876E-7EFB8B3F9662} - (no file)
    backup-20070102-223159-384
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20073&k=

    Contents of the 'Scheduled Tasks' folder
    E:\WINDOWS\tasks\Uniblue SpyEraser.job

    Completion time: 07-01-08 17:01:29.62
    E:\ComboFix.txt ... 07-01-08 17:01
     
  9. 2007/01/08
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    HiJackThis Logfile

    Yay, winbudget is gone again.. I think...


    Logfile of HijackThis v1.99.1
    Scan saved at 5:04:19 PM, on 1/8/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\WINDOWS\system32\HPZipm12.exe
    c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\WgaTray.exe
    E:\WINDOWS\Explorer.EXE
    E:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    E:\WINDOWS\system32\msiexec.exe
    E:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    e:\program files\internet explorer\iexplore.exe
    C:\HJT\HijackThis1.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - User Startup: Adobe Gamma.lnk = C:\Program Files\common files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1167871446015
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
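
The before/after comparison that the helpers in this thread do by eye can be scripted. The following is an added example, not part of the original posts and not HijackThis's own code: it parses the result lines of two scans, reports entries that disappeared or appeared, and lists entries whose target file is gone. The line pattern is an assumption inferred from the logs on this page, and the two embedded samples are short excerpts of the 1/7/2007 and 1/8/2007 scans above.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (O2, O4, R0, ...) plus the rest.
Entry = namedtuple("Entry", "code text")

# Assumed line shape, inferred from the logs in this thread:
#   <letter><1-2 digits> - <description>
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(log_text):
    """Return the set of result entries in a HijackThis log.
    Header lines and the 'Running processes' list do not match and are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Collapse runs of whitespace so copy/paste damage does not
            # make identical entries look different.
            entries.add(Entry(m.group(1), " ".join(m.group(2).split())))
    return entries

def diff_scans(before_text, after_text):
    """Return (removed, added) entries between two scans, each sorted."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    return sorted(before - after), sorted(after - before)

def dangling(log_text):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    marks = ("(file missing)", "(no file)")
    return sorted(e for e in parse_hjt(log_text)
                  if any(mark in e.text for mark in marks))

# Excerpt of the scan saved 1/7/2007 (lines copied from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 5:28:52 PM, on 1/7/2007
Running processes:
E:\WINDOWS\Explorer.EXE
O2 - BHO: BhoApp Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
"""

# Excerpt of the scan saved 1/8/2007 (lines copied from the thread).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 5:04:19 PM, on 1/8/2007
Running processes:
E:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    for e in removed:
        print("REMOVED ", e.code, e.text)
    for e in added:
        print("ADDED   ", e.code, e.text)
    for e in dangling(AFTER):
        print("DANGLING", e.code, e.text)
```

Every added entry deserves the same scrutiny as the original scan: here the new O4 and O23 lines correspond to the Sophos install, while the dangling O18 entry is a leftover reference rather than a running component.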
     
  10. 2007/01/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Any more Drive Cleaner pop ups?

    Logs look clean.
     
  11. 2007/01/08
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    AHhhh

    Yes, I haven't had any pop ups. But um, yeah I can't figure out why I can't get the sophos anti-virus to work :(... Any suggestions on what could be a good anti-virus???
     
  12. 2007/01/08
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Where did you get the Sophos av software from, online or some other source?

    Have you tried uninstalling and then reinstalling? Sometimes infections can break certain parts of legit softwares, they don't worry about such things, when other legit softwares usually make an attempt at working with other sorts of apps.
     
  13. 2007/01/10
    annabanana973

    annabanana973 Inactive Thread Starter

    Joined:
    2007/01/02
    Messages:
    52
    Likes Received:
    0
    Sophos Anti Virus

    I got the antivirus from here...

    http://oit.montclair.edu/resnet/security.html

    Since I attend Montclair State University, they give you some free antivirus software. So, I went to software archive and logged in, I clicked on Sophos AntiVirus and clicked to save it on my computer. I got it installed and when I click on it.. I get this message....

    You do not have sufficient privileges to run the Sophos Anti-Virus main application.

    You are not a member of any of the Sophos groups. To launch this application, you must be a member of SophosAdministrator, SophosPowerUser, or SophosUser group. Please contact your administrator.

    What should I do ? :(
     
  14. 2007/01/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Contact your administrator as it states. I'm sure they will be able to help you.

    Nothing we can do about that from here.
     