Author Topic: Virus? Win32...task bar/sound  (Read 418 times)

bluestar
« on: September 10, 2006, 09:19:20 PM »
I am having problems getting sound to play for internet applications (youtube, etc.). However, I can get sound for my music programs (limewire, realplayer, etc.) on my computer. I also cannot get the sound icon to register in my tool bar, including going through the control panel to show it and have checked that there is nothing muted. A couple of times on startup, I get an error message about WIN32/svchost.exe. But I do not receive it every time. So I have no clue what else to do. If someone could help me with this, it would be very much appreciated. Here is the HiJack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:48 PM, on 9/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/insta...cdetection3.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)

guestolo
« Reply #1 on: September 10, 2006, 11:08:19 PM »
I'm not seeing much wrong
but I don't see an Active AV running
Do you need a free solution

For now, can you do the following
From my signature below
Use INTERNET EXPLORER
Run an online virus scan at Kaspersky's
Accept the prompt at the Welcome screen
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

         ***Scan using the following Anti-Virus database:
            Extended (if available otherwise Standard)
         ***Scan Options:
            Scan Archives
            Scan Mail Bases

  • Click OK
  • Now under select a target to scan:

            Select My Computer

  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.

         ***Now click on the Save as Text button:

  • Save the file to your desktop.
  • Copy and paste that information in your next post

Also, supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
« Last Edit: September 10, 2006, 11:52:13 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


bluestar
« Reply #2 on: September 11, 2006, 03:42:00 AM »
(warning, long) Kaspersky info:

Scan Statistics
Total number of scanned objects    100890
Number of viruses found    19
Number of infected objects    47 / 0
Number of suspicious objects    0
Duration of the scan process    02:11:51

Infected Object Name    Virus Name    Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat    Object is locked    skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\LocalService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\cert8.db    Object is locked    skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\formhistory.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\history.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\key3.db    Object is locked    skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\parent.lock    Object is locked    skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-62b8d23a.zip/javainstaller/InstallerApplet.class    Infected: Trojan-Downloader.Java.OpenStream.w    skipped
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-62b8d23a.zip    ZIP: infected - 1    skipped
C:\Documents and Settings\Owner\Cookies\index.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\Cache\_CACHE_001_    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\Cache\_CACHE_002_    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\Cache\_CACHE_003_    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\x0kfxm08.Default User\Cache\_CACHE_MAP_    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006091120060912\index.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Temp\xwhs9igv.exe    Infected: Trojan-Dropper.Win32.Agent.qh    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\17BKNHNM\a771ab73[1].js    Infected: Trojan-Downloader.JS.Small.af    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1GTXZHLB\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1GTXZHLB\popup[2].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\BPJ853R8\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DMFHPA0E\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DSRYF7L3\popup[2].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DSRYF7L3\popup[3].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6NJTSVJ\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6NJTSVJ\popup[2].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\FLKOH7Z1\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat    Object is locked    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MJ6VEAOQ\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\TPC2SFHN\popup[1].htm    Infected: Trojan-Clicker.HTML.Agent.a    skipped
C:\Documents and Settings\Owner\NTUSER.DAT    Object is locked    skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG    Object is locked    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temp\MegaHost.dll    Infected: Trojan.Win32.StartPage.rn    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temp\MegaInstaller.exe    Infected: Trojan.Win32.StartPage.rn    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temp\trickler_4010.ex_/    Infected: not-a-virus:AdWare.Win32.Gator.4010    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temp\trickler_4010.ex_    MS Expand: infected - 1    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\0GIQV0ZG\MegaInstaller[1].exe    Infected: Trojan.Win32.StartPage.rn    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\6BIBA1EN\pi[2].exe    Infected: Trojan-Downloader.Win32.Small.afq    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\G1EBOTAF\IeBHOs[1].dll    Infected: not-a-virus:AdWare.Win32.E2Give.a    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\X8FD7ZJA\sext01[1].chm/index.html    Infected: Exploit.HTML.CodeBaseExec    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\X8FD7ZJA\sext01[1].chm/MegaInstaller.exe    Infected: not-a-virus:AdWare.Win32.MetaDirect.c    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\X8FD7ZJA\sext01[1].chm    CHM: infected - 2    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\XN1GJUL6\MegaInstaller[1].exe    Infected: not-a-virus:AdWare.Win32.MetaDirect.c    skipped
C:\Old_HD\Documents and Settings\CM\Local Settings\Temporary Internet Files\Content.IE5\Y53SHKVY\g[1].htm    Infected: Trojan-Downloader.JS.Agent.ab    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0016.BIN/data0002    Infected: not-a-virus:AdWare.Win32.Sidesearch.d    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0016.BIN    Infected: not-a-virus:AdWare.Win32.Sidesearch.d    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0017.BIN/WISE0011.BIN    Infected: not-a-virus:AdWare.Win32.Exact.a    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0017.BIN/WISE0012.BIN    Infected: not-a-virus:AdWare.Win32.Exact.a    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0017.BIN/WISE0013.BIN    Infected: not-a-virus:AdWare.Win32.Exact.a    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0017.BIN    Infected: not-a-virus:AdWare.Win32.Exact.a    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe/WISE0018.BIN    Infected: not-a-virus:AdWare.Win32.NewDotNet    skipped
C:\Old_HD\Documents and Settings\CM\My Documents\Brians Jobs\Courtney\John_Sykes_skin.exe    WiseSFX: infected - 7    skipped
C:\Old_HD\Program Files\E2G\IeBHOs.dll    Infected: not-a-virus:AdWare.Win32.E2Give.a    skipped
C:\Old_HD\Program Files\Lycos\Sidesearch\sidesearch.dll    Infected: not-a-virus:AdWare.Win32.Sidesearch.d    skipped
C:\Old_HD\WINDOWS\Lycos\ss_IGN1_setup.exe/data0002    Infected: not-a-virus:AdWare.Win32.Sidesearch.d    skipped
C:\Old_HD\WINDOWS\Lycos\ss_IGN1_setup.exe    NSIS: infected - 1    skipped
C:\Program Files\Evrsoft\1st Page 2000\IScripts\Buttons\Six buttons from hell.izs    Infected: Trojan.JS.Loop    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf    Object is locked    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf    Object is locked    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf    Object is locked    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf    Object is locked    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf    Object is locked    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf    Object is locked    skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG    Object is locked    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe/data0008/NHInstall.exe    Infected: not-a-virus:AdWare.Win32.NavExcel.d    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe/data0008/v2.0.4b.cab/NHelper.dll    Infected: not-a-virus:AdWare.Win32.NavExcel.g    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe/data0008/v2.0.4b.cab/NHUninstaller.exe    Infected: not-a-virus:AdWare.Win32.NavExcel    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe/data0008/v2.0.4b.cab/NHUpdater.exe    Infected: not-a-virus:AdWare.Win32.NavExcel.b    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe/data0008/v2.0.4b.cab    Infected: not-a-virus:AdWare.Win32.NavExcel.b    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe/data0008    Infected: not-a-virus:AdWare.Win32.NavExcel.b    skipped
C:\RECYCLER\S-1-5-21-789336058-813497703-1957994488-1003\Dc5.exe    Inno: infected - 6    skipped
C:\System Volume Information\MountPointManagerRemoteDatabase    Object is locked    skipped
C:\System Volume Information\_restore{DC1AA841-C6AD-41B4-82A7-48BA0FF117BD}\RP221\change.log    Object is locked    skipped
C:\WINDOWS\Debug\PASSWD.LOG    Object is locked    skipped
C:\WINDOWS\SchedLgU.Txt    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3D586809-E5DF-4DB6-9A99-3C8E12E76C14}.bin    Object is locked    skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log    Object is locked    skipped
C:\WINDOWS\Sti_Trace.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\edb.log    Object is locked    skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb    Object is locked    skipped
C:\WINDOWS\system32\config\AppEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\default    Object is locked    skipped
C:\WINDOWS\system32\config\default.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SAM    Object is locked    skipped
C:\WINDOWS\system32\config\SAM.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SecEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY    Object is locked    skipped
C:\WINDOWS\system32\config\SECURITY.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\software    Object is locked    skipped
C:\WINDOWS\system32\config\software.LOG    Object is locked    skipped
C:\WINDOWS\system32\config\SysEvent.Evt    Object is locked    skipped
C:\WINDOWS\system32\config\system    Object is locked    skipped
C:\WINDOWS\system32\config\system.LOG    Object is locked    skipped
C:\WINDOWS\system32\h323log.txt    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA    Object is locked    skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP    Object is locked    skipped
C:\WINDOWS\Temp\Perflib_Perfdata_220.dat    Object is locked    skipped
C:\WINDOWS\wiadebug.log    Object is locked    skipped
C:\WINDOWS\wiaservc.log    Object is locked    skipped
C:\WINDOWS\WindowsUpdate.log    Object is locked    skipped
Scan process completed.


HiJack log uninstall:

1st Page 2000 2.00 Free
ABBYY FineReader 5.0 Sprint
AceMenu Creator
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Elements 2.0
Adobe Reader 7.0.5
Art Explosion Label Factory Deluxe
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Audacity 1.2.3
BitTorrent 4.0.3
Broadcom 802.11 Driver
Cakewalk Audio Finder Tool
Cakewalk Pyro 1.5
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DS for ZoomBrowser EX
Canon Camera Window MC 5 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX
CDBurnerXP Pro 3
Conexant 56K ACLink Modem
Conexant AC-Link Audio
DivX Player
DreamStation DXi2
EPSON Copy Utility
EPSON PERF 3170Guide
EPSON Photo Print
EPSON Scan
EPSON Smart Panel
FileZilla (remove only)
Google Toolbar for Internet Explorer
GTK+ 2.6.4 runtime environment
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
HP Wireless LAN Driver
iTunes
J2SE Runtime Environment 5.0 Update 1
Kaspersky Online Scanner
LimeWire 4.12.6
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Windows Journal Viewer
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5.0.6)
Music Creator 2
Nvu 0.90
Presto! BizCard 4.1 Eng
QuickTime
RealPlayer
rgc:audio Triangle II
ScanToWeb
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SoftSound Shorten for Windows 2.3b
Spelling Dictionaries For Adobe Reader Package
Synaptics Pointing Device Driver
The GIMP 2.2.6
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.1
Virtual Sound Canvas DXi
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar

bluestar
« Reply #3 on: September 13, 2006, 01:05:30 PM »
*bump

I updated and reinstalled Explorer and sound device. Win32 box doesn't seem to be coming up anymore. However, I can get sound on my music programs still (realplayer, quicktime, limewire, etc.) but still cannot get sound on any internet applications, and the sound icon still will not register on my taskbar. When I go under Customize, under the Task Bar Menu, it says the volume is muted, which it isn't and is located in past history. I clicked "always show", but nothing happens after I apply and OK it. What other methods are there to troubleshoot this issue?

Any further suggestions would be appreciated!
« Last Edit: September 13, 2006, 01:06:55 PM by bluestar »

guestolo
« Reply #4 on: September 13, 2006, 06:56:11 PM »
If you right click the task bar and click properties
Uncheck Hide Inactive Icons, apply it and ok
Does the volume button show?

Access your Windows control panel and open the Java icon
Under the General tab select Delete Files
Leave all 3 selections checked and click OK

I would update your version of Java
For now
Access your add/remove programs and remove
J2SE Runtime Environment 5.0 Update 1

Don't update it yet, we'll do it in a bit

Download, install, and update  Ewido anti-spyware
Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Don't run it yet

Please download ATF-Cleaner by Atribune.
This program is for XP and Windows 2000 only
Don't run it yet

Reboot your computer into Safe mode
In safe mode

Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser

      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

Ewido
Open Ewido and Click on the Scanner tab at the top and then click on Complete System Scan.  
Don't use your computer while running the scan, let it complete
Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).

Reboot the computer afterwards back to Normal windows

Post the report from Ewido's please and a fresh hijackthis log



bluestar
« Reply #5 on: September 13, 2006, 11:32:22 PM »
Quote
Post the report from Ewido's please and a fresh hijackthis log


Isn't this pretty much the same thing I just did with Kaspersky's? Nothing different happens when I uncheck Hide Inactive icons. The key is trying to figure out why even though volume is listed, it is under Past History. It says the volume is muted, which it isn't. I've made sure to go under advanced options and make sure no lines were being muted. Yet, the volume still will not register. Is this a virus attacking the internet browser or something else?

guestolo
« Reply #6 on: September 17, 2006, 01:20:38 PM »
I had you run an online virus scanner because you aren't running your own on your system
Ewido should remove some of those files for you, plus we should have had you install a Virus scanner
But, scanning the Internet, I see you have been warned about this in the past on other forums
I guess no one can get through to you

Seems you know best>>>but looking at your Kaspersky's log, you really don't
I'm locking this as you have not done the last set of instructions

Hopefully someone can talk you into properly protecting your computer

Take care
