Solve : SYSTEM32 message;virus,malware or other??

1.	Solve : SYSTEM32 message;virus,malware or other??
Answer» Several days ago,I received a windows update notice for SP3;as normal,I complied and thought no more about it.Since then,I am constantly recieving a warning box stating "DLL C:\WINDOWS\system32\MSACM32.dll". It makes a reference to some windows image being unable to load,and states that I need to match it up against some diskette.At the same time,I have lost all audio.I have checked and rechecked wires,plug-ins,sound card,mixer settings,etc;nothing seems amiss.The only info I found out about MSACM32 on the net was that it might be some kind of audio compression file.HELP! Is this a bug,or do I need to get in a different topic.Any reply is greatly appreciated...Thanks...CNReddMSACM32.dll - msacm32.dll is a module containing functions for audio compression for 32-bit applications. I will move this topic to the Computer software forum. I don't think this is malware related.I appreciate that you put this in the right category...I wasn't sure.Could this have anything to do with the Windows SP3 download? I hate to think that,but thats when it started.I am also leary of removing that without some more educated opinions.Thanks in advance....CNReddNot sure whats causing it. A few things to try. Try running sfc /scannow, Start > Run type sfc /scannow then click OK. Make sure that the Windows XP installation cd is in the computer. Try downloading the msacm32.dll file from http://www.webzila.com/?wz=dll then register it with your system by following these instructions: http://forum.webzila.com/index.php?showtopic=543OK....XP was already installed when I purchased the PC,so all I have is the back-up that was suggested I make.I placed it in the pc and followed the "run" commands and got nothing.It verified that all windows files were intact and then did nada.As for step 2, that hasn't resolved anything either.I considered restoring to factory specs,but this issue will not allow me to burn a cd or dvd.Now what?Post a HJT log so we can do a quick check for malware. Although I don't think it is malware it won't hurt to look real fast. Download and rename TrendMicro HijackThis.exe (HJT) Double-click on HJTInstall. Click on the Install button. It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Upon install, HijackThis should open for you. Close HijackThis and rename it. Go to C:\Program Files\TREND Micro\HijackThis.exe Right click on HijackThis.exe and select Rename. Type in sniper.exe and press Enter. Right-click on sniper.exe and select Send To > Desktop (create shortcut) From the desktop open HijackThis. If using Windows Vista, Right-click and Run As Administrator. Click on the Do a system scan and save a log file button Hijackthis will scan and then a log will open in notepad. Copy and then paste the entire contents of the log in your post. Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required. Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.Have you tried to uninstall SP3? Have you tried sytem restore? Ok,Egghead,give me a bit and I'll have that for you.As for the last post,I'm unsure and uninformed on deleting SP3,so I won't unless I hear otherwise.As far as a restore,I tried several restore points,going back nearly a month,and my system will not allow it.I'v had this problem before,too,and I don't understand why it will not allow a restore.Ok,dude...here my grocery list..... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:25:42 AM, on 7/24/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\Program Files\Comodo\CBOClean\BOCORE.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe C:\Program Files\dvd43\dvd43_tray.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Webroot\Washer\WasherSvc.exe C:\PROGRA~1\Comodo\CBOClean\BOC427.exe C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\fxssvc.exe C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe C:\Program Files\BigFix\BigFix.exe C:\WINDOWS\system32\sol.exe c:\program files\aol\aol toolbar 5.0\AolTbServer.exe C:\Program Files\Common Files\AOL\1165668632\ee\aolsoftware.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AOL 9.0\waol.exe C:\Program Files\AOL 9.0\shellmon.exe C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.197.97.135:80 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll F3 - REG:win.ini: load= F3 - REG:win.ini: run= O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI ROBOFORM\roboform.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RCSystemTray] "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe" O4 - HKLM\..\Run: [MagicSpeed] "C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" /autorun O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165668632\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe" O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" /FU "C:\WINDOWS\TEMP\E_S6BBA.tmp" /EF "HKCU" O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner" O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\iolo\Macro Magic\Macros.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v46/solitairerush/solitairerush.cab O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200135186109 O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 11440 bytes Thanks in advance,manI'm moving this thread to the Computer viruses and spyware forum. Go here HERE and do the SCANS. Post the logs when complete.

Answer»

Several days ago,I received a windows update notice for SP3;as normal,I complied and thought no more about it.Since then,I am constantly recieving a warning box stating "DLL C:\WINDOWS\system32\MSACM32.dll". It makes a reference to some windows image being unable to load,and states that I need to match it up against some diskette.At the same time,I have lost all audio.I have checked and rechecked wires,plug-ins,sound card,mixer settings,etc;nothing seems amiss.The only info I found out about MSACM32 on the net was that it might be some kind of audio compression file.HELP! Is this a bug,or do I need to get in a different topic.Any reply is greatly appreciated...Thanks...CNReddMSACM32.dll - msacm32.dll is a module containing functions for audio compression for 32-bit applications.

I will move this topic to the Computer software forum. I don't think this is malware related.I appreciate that you put this in the right category...I wasn't sure.Could this have anything to do with the Windows SP3 download? I hate to think that,but thats when it started.I am also leary of removing that without some more educated opinions.Thanks in advance....CNReddNot sure whats causing it. A few things to try.

Try running sfc /scannow, Start > Run type sfc /scannow then click OK. Make sure that the Windows XP installation cd is in the computer.

Try downloading the msacm32.dll file from http://www.webzila.com/?wz=dll then register it with your system by following these instructions: http://forum.webzila.com/index.php?showtopic=543OK....XP was already installed when I purchased the PC,so all I have is the back-up that was suggested I make.I placed it in the pc and followed the "run" commands and got nothing.It verified that all windows files were intact and then did nada.As for step 2, that hasn't resolved anything either.I considered restoring to factory specs,but this issue will not allow me to burn a cd or dvd.Now what?Post a HJT log so we can do a quick check for malware. Although I don't think it is malware it won't hurt to look real fast.

Download and rename TrendMicro HijackThis.exe (HJT)

Double-click on HJTInstall.
Click on the Install button.
It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
Upon install, HijackThis should open for you.

Close HijackThis and rename it.
Go to C:\Program Files\TREND Micro\HijackThis.exe
Right click on HijackThis.exe and select Rename.
Type in sniper.exe and press Enter.
Right-click on sniper.exe and select Send To > Desktop (create shortcut)

From the desktop open HijackThis.
If using Windows Vista, Right-click and Run As Administrator.
Click on the Do a system scan and save a log file button
Hijackthis will scan and then a log will open in notepad.
Copy and then paste the entire contents of the log in your post.
Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

Although we have renamed HijackThis to sniper, we will still refer to it as HijackThis or HJT.Have you tried to uninstall SP3?
Have you tried sytem restore?
Ok,Egghead,give me a bit and I'll have that for you.As for the last post,I'm unsure and uninformed on deleting SP3,so I won't unless I hear otherwise.As far as a restore,I tried several restore points,going back nearly a month,and my system will not allow it.I'v had this problem before,too,and I don't understand why it will not allow a restore.Ok,dude...here my grocery list.....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:25:42 AM, on 7/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe
C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exeC:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\SPEEDB~1\VideoAccelerator.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\system32\sol.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Program Files\Common Files\AOL\1165668632\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.197.97.135:80
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
F3 - REG:win.ini: load=
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI ROBOFORM\roboform.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RCSystemTray] "C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe"
O4 - HKLM\..\Run: [MagicSpeed] "C:\Program Files\SamsungODD\Magic Speed\MagicSL.exe" /autorun
O4 - HKLM\..\Run: [dvd43] "C:\Program Files\dvd43\dvd43_tray.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1165668632\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Window Washer] "C:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" /FU "C:\WINDOWS\TEMP\E_S6BBA.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Iolo Macro Magic.lnk = C:\Program Files\iolo\Macro Magic\Macros.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/MyFunCardsFWBInitialSetup1.0.1.0.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v46/solitairerush/solitairerush.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200135186109
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://drm1.reelsurvey.com/ePlayer/V3_2_0_0/ACNePlayer.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 11440 bytes

Thanks in advance,manI'm moving this thread to the Computer viruses and spyware forum.

Go here HERE and do the SCANS. Post the logs when complete.

Solve : SYSTEM32 message;virus,malware or other??

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment