Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

new file?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

new file?

Unread postby D_old man » March 5th, 2009, 9:09 pm

new to this and I am not sure if I am doing this correctly, please be gentle with me as I am an old man.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:40 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Antispyware\Antispyware.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Eric\LOCALS~1\Temp\2008121115717_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Eric\LOCALS~1\Temp\2008121115715_mcinfo.exe /insfin
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Eric\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\Antispyware\Antispyware.exe -boot
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFA03AE8-9316-4DD2-B84D-B953987E310D}: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.122,85.255.112.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.122,85.255.112.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 9313 bytes
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm
Advertisement
Register to Remove

Re: new file?

Unread postby flashh4 » March 5th, 2009, 11:33 pm

Hello D_old man and welcome to the forums.

Please do not run any other programs with out my permission !!
Run all programs in the order posted !!!!!


My name is flashh4 and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
4. Please note you'll need to have Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
5. Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
6. Please post all request .......... not as a Attachment.

If you can do those things, everything should go smoothly.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Note: I am still in training at Malware Removal, however I will be working under the direct supervision of one of our Malware Experts. Any recommendations will first be approved before being given to you. Because of this, there may be a short delay in getting our responses to you, however be assured that we will be working diligently on your problem.

I will be back as soon as possible with a fix !!
In the mean time can you give me an Uninstall list please !!


  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.


*Notes*
1. It would be very helpful if you informed me of which Antivirus and Firewall you are running or if it's disabled.
2. There is a 5 day limit which you must respond to this topic or it will be closed. Then you will have to start a new topic.


Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: new file?

Unread postby D_old man » March 6th, 2009, 8:11 pm

Chuck,

Thank you soooooo much, I am at work right now but as soon as I get home (within one hour) I will do EXACTLY as you indicated.

Can you "see" anything from the Hijack file that I sent?

Eric
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby D_old man » March 6th, 2009, 9:52 pm

Chuck,

Here is the file as you requested, things must be getting bad on this machine. My wife was unable to go to any site she Googled and email links would not open. Does this sounds fixable?

32 Bit HP CIO Components Installer
ABC Amber BlackBerry Editor
ACDSee
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Antispyware
Apple Mobile Device Support
Apple Software Update
AVG 8.5
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
Comcast High-Speed Internet Install Wizard
Digital Photo Navigator 1.5
Documents To Go
Drivers Install For Linksys Easylink Advisor
DVD Solution
DVD-CLONER V4.10 Build 914
DVDFab Decrypter 3.0.2.5
Finale NotePad 2003a
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
hp photosmart printer series (Remove only)
HP Solution Center 8.0
HP Update
HPSSupply
InCD
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LG ODD Auto Firmware Update
Linksys EasyLink Advisor 1.6 (0032)
Map Button (Windows Live Toolbar)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Launcher
Nero
Nero OEM
palmOne
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
Professor Answers
Professor Teaches Excel 2002
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 8.0
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smart Menus (Windows Live Toolbar)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WD Diagnostics
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby flashh4 » March 7th, 2009, 11:26 pm

Hi D_old man, i have not forgot you, its just that we are very busy. I will post a fix soon, so stay tuned for fix.

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: new file?

Unread postby D_old man » March 8th, 2009, 5:08 pm

Chuck,

No worries, we are not using that computer since the "malware" issue. I just hope that it is a fix that we can accomplish without having to take the case etc... to a computer shop.
Thank you

EWB
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby flashh4 » March 9th, 2009, 7:58 am

Hi D_old man, i to am an old man (62).Wanted to help people after i became infected a couple years ago, so here i am trying to learn. All our fixes are checked by a teacher so you are safe .... :lol: Now lets continue with the cleaning.

Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Close the Notepad file.
  • The log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt





NEXT




Download DDS

Download at your desktop DDS from one of the links below:

Link 1
Link 2
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finish it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.




Post these next:

1. Malwarebytes' log
2. DDS (2 logs)

Thanks
Chuck

I see no reason why this computer cannot be clean and safe.
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: new file?

Unread postby D_old man » March 9th, 2009, 12:17 pm

Chuck,

I am at work right now, but tonight I will follow these latest directions and send you the log files.

BTW, is there a particular reason that I cannot get my AVG protection to download the latest files? I keep getting a "connection" type error message, the same for running Spybot? I am guessing it is the infection.

Eric
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby D_old man » March 9th, 2009, 4:36 pm

Chuck,

Here are the three logs:

Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 2

3/9/2009 1:27:53 PM
mbam-log-2009-03-09 (13-27-53).txt

Scan type: Full Scan (C:\|)
Objects scanned: 136571
Time elapsed: 27 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Antispyware (Rogue.Antispyware) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{efa03ae8-9316-4dd2-b84d-b953987e310d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{efa03ae8-9316-4dd2-b84d-b953987e310d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{efa03ae8-9316-4dd2-b84d-b953987e310d}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.231,85.255.112.98 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Config.Msi\b0c08.rbf (Rogue.SpyCleaner) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-4-6-18-100024330-100025379-100030156-3110.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\tempo-323093.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxqsgsfipx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxpardnbmt.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.



HERE ARE THE DDS LOGS :



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/10/2006 11:03:16 AM
System Uptime: 3/9/2009 11:30:31 AM (2 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6533
Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2390/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 123.136 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP195: 9/24/2008 2:28:31 PM - System Checkpoint
RP196: 10/5/2008 7:58:55 AM - System Checkpoint
RP197: 10/5/2008 9:50:58 AM - Installed BlackBerry Desktop Software 4.3.
RP198: 10/5/2008 10:02:24 AM - Installed Roxio Media Manager
RP199: 10/5/2008 10:25:44 AM - Installed BlackBerry Desktop Software 4.6.
RP200: 10/5/2008 10:27:33 AM - Removed BlackBerry Desktop Software 4.3.
RP201: 10/5/2008 10:39:30 AM - Installed Roxio Media Manager
RP202: 10/6/2008 6:12:52 PM - System Checkpoint
RP203: 10/9/2008 11:00:04 AM - System Checkpoint
RP204: 10/13/2008 1:16:54 PM - System Checkpoint
RP205: 10/15/2008 4:36:53 PM - Removed Japanese Fonts Support For Adobe Reader 8
RP206: 10/27/2008 2:31:41 PM - System Checkpoint
RP207: 10/31/2008 8:09:35 AM - System Checkpoint
RP208: 11/1/2008 12:02:09 PM - System Checkpoint
RP209: 11/4/2008 7:35:27 AM - System Checkpoint
RP210: 11/6/2008 4:54:10 PM - Shockwave Player
RP211: 11/11/2008 7:07:27 PM - Removed E-Center
RP212: 11/11/2008 7:07:53 PM - Configured Your Application Name
RP213: 11/11/2008 7:08:24 PM - Removed Your Application Name
RP214: 11/11/2008 7:09:13 PM - Removed Digital Photo Navigator 1.5
RP215: 11/11/2008 7:10:56 PM - Removed LUMIX Simple Viewer
RP216: 11/11/2008 7:26:02 PM - Removed Desktop Doctor
RP217: 11/13/2008 2:28:07 PM - System Checkpoint
RP218: 11/15/2008 11:47:24 AM - System Checkpoint
RP219: 11/17/2008 2:36:22 PM - System Checkpoint
RP220: 12/11/2008 4:17:22 PM - Installed AVG Free 8.0
RP221: 12/12/2008 4:26:03 PM - Avg8 Update
RP222: 12/19/2008 12:06:28 PM - Installed Digital Photo Navigator 1.5
RP223: 12/24/2008 2:14:42 PM - Software Distribution Service 3.0
RP224: 1/4/2009 7:35:25 PM - Installed Java(TM) 6 Update 11
RP225: 1/28/2009 3:22:28 PM - Removed Adobe Reader 8.1.2
RP226: 2/5/2009 5:14:05 PM - Installed BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone.
RP227: 2/14/2009 6:18:41 PM - Software Distribution Service 3.0
RP228: 2/25/2009 7:18:14 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
ABC Amber BlackBerry Editor
ACDSee
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.3
Adobe Shockwave Player
AIO_Scan
Apple Mobile Device Support
Apple Software Update
AVG 8.5
BlackBerry Desktop Software 4.6
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
BufferChm
C4200
c4200_Help
Comcast High-Speed Internet Install Wizard
Copy
Destinations
DeviceManagementQFolder
Digital Photo Navigator 1.5
DocProc
DocProcQFolder
Documents To Go
Drivers Install For Linksys Easylink Advisor
DVD-CLONER V4.10 Build 914
DVD Solution
DVDFab Decrypter 3.0.2.5
eSupportQFolder
Finale NotePad 2003a
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
hp photosmart printer series (Remove only)
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
InCD
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LG ODD Auto Firmware Update
LightScribe 1.4.74.1
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Launcher
Nero
Nero OEM
palmOne
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
Professor Answers
Professor Teaches Excel 2002
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 8.0
Roxio Media Manager
Scan
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smart Menus (Windows Live Toolbar)
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

==== Event Viewer Messages From Past Week ========

3/9/2009 11:34:29 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 25 time(s).
3/9/2009 11:34:29 AM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 5 time(s).
3/9/2009 11:31:59 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
3/6/2009 5:55:46 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 55 time(s).
3/6/2009 5:55:46 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 11 time(s).
3/6/2009 5:51:09 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 32 time(s).
3/6/2009 5:51:09 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 4 time(s).
3/6/2009 5:51:09 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 7 time(s).
3/6/2009 5:46:23 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 6 time(s).
3/6/2009 5:46:23 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
3/6/2009 4:18:32 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 7 time(s).
3/6/2009 4:18:32 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
3/6/2009 4:18:32 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 3 time(s).
3/6/2009 2:10:00 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 15 time(s).
3/6/2009 2:10:00 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 5 time(s).
3/6/2009 2:05:59 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 4 time(s).
3/6/2009 2:05:59 PM, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
3/6/2009 2:05:57 PM, error: DCOM [10005] - DCOM got error "%230" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/6/2009 2:05:54 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/6/2009 7:20:48 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 45 time(s).
3/6/2009 7:15:48 AM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 39 time(s).
3/5/2009 5:42:49 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 826 time(s).
3/5/2009 5:42:49 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 60 time(s).
3/5/2009 5:22:30 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 627 time(s).
3/5/2009 5:22:30 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 50 time(s).
3/5/2009 5:20:02 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 561 time(s).
3/5/2009 5:20:02 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 45 time(s).
3/5/2009 5:12:24 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 545 time(s).
3/5/2009 5:12:24 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 43 time(s).
3/5/2009 5:08:39 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 527 time(s).
3/5/2009 5:08:39 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 42 time(s).
3/5/2009 4:31:58 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/5/2009 4:31:37 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 9 time(s).
3/5/2009 4:15:44 PM, error: Service Control Manager [7034] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 9 time(s).
3/5/2009 4:15:44 PM, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 7 time(s).
3/9/2009 11:42:36 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================


LAST DDS FILE:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Eric at 13:29:42.92 on Mon 03/09/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1279.670 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Eric\Desktop\dds.scr
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/a/
uWindow Title = Windows Internet Explorer provided by Comcast
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
uRun: [PowerBar]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [LxrAutorun] c:\documents and settings\eric\local settings\application data\lexar media\LxrAutorun.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Cleanup] c:\docume~1\eric\locals~1\temp\2008121115717_mcappins.exe /v=3 /cleanup
mRun: [msci] c:\docume~1\eric\locals~1\temp\2008121115715_mcinfo.exe /insfin
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\datavi~1.lnk - c:\program files\common files\dataviz\DvzIncMsgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-4 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-4 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-4 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-4 298264]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-3-22 72672]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-9 38496]

=============== Created Last 30 ================

2009-03-09 12:44 <DIR> --d----- c:\docume~1\eric\applic~1\Malwarebytes
2009-03-09 12:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-09 12:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 12:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 12:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-05 17:31 <DIR> --d----- c:\program files\Trend Micro
2009-03-05 17:13 54,156 a---h--- c:\windows\QTFont.qfn
2009-03-05 17:13 1,409 a------- c:\windows\QTFont.for
2009-03-04 19:17 <DIR> --d----- c:\docume~1\eric\applic~1\Antispyware
2009-03-04 10:03 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-03-04 10:03 107,912 a------- c:\windows\system32\drivers\avgtdix.sys
2009-03-04 10:02 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-03-04 10:02 <DIR> --d----- c:\windows\system32\drivers\Avg

==================== Find3M ====================

2009-01-20 11:30 130,349 ac------ c:\windows\hpoins13.dat
2009-01-17 14:54 103,994 a------- c:\windows\hpqins01.dat
2009-01-04 20:35 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-20 16:15 826,368 a------- c:\windows\system32\wininet.dll
2007-02-20 20:20 87,608 ac------ c:\docume~1\eric\applic~1\ezpinst.exe
2007-02-20 20:20 47,360 ac------ c:\docume~1\eric\applic~1\pcouffin.sys
2004-10-01 16:00 40,960 ac------ c:\program files\Uninstall_CDS.exe
2004-08-04 05:00 94,784 -c-sh--- c:\windows\twain.dll
2004-08-04 05:00 50,688 -c-sh--- c:\windows\twain_32.dll
2004-08-04 05:00 1,028,096 ---sh--- c:\windows\system32\mfc42.dll
2004-08-04 05:00 413,696 ---sh--- c:\windows\system32\msvcp60.dll
2004-08-04 05:00 11,776 ---sh--- c:\windows\system32\regsvr32.exe

============= FINISH: 13:29:56.43 ===============


Chuck, I really hope this works!

Eric
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby D_old man » March 9th, 2009, 4:50 pm

Chuck,

The appearance is that your instructions have the desired effect, we were able to open IE w/o being directed to another site, BTW my AVG was able to update itself.

You are an inspiration and I would definitey support this site, just guide me in the correct direction!!

Eric
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby flashh4 » March 9th, 2009, 8:49 pm

Hi D_old man (Eric), glad that helped but we have more work to do.
Please post a new HJT log.

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: new file?

Unread postby D_old man » March 9th, 2009, 9:57 pm

Chuck,

Damn, thought that was all?

Latest HJT file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:55:57 PM, on 3/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Documents and Settings\Eric\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/a/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Eric\LOCALS~1\Temp\2008121115717_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Eric\LOCALS~1\Temp\2008121115715_mcinfo.exe /insfin
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [LxrAutorun] C:\Documents and Settings\Eric\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\system32\HPHipm09.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

--
End of file - 8698 bytes
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby D_old man » March 9th, 2009, 10:04 pm

Chuck,

Here is the Uninstall manager list also:

32 Bit HP CIO Components Installer
ABC Amber BlackBerry Editor
ACDSee
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
AVG 8.5
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
BlackBerry Device Software v4.5.0 for the BlackBerry 8330 smartphone
Comcast High-Speed Internet Install Wizard
Digital Photo Navigator 1.5
Documents To Go
Drivers Install For Linksys Easylink Advisor
DVD Solution
DVD-CLONER V4.10 Build 914
DVDFab Decrypter 3.0.2.5
Finale NotePad 2003a
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
hp photosmart printer series (Remove only)
HP Solution Center 8.0
HP Update
HPSSupply
InCD
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LG ODD Auto Firmware Update
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
Map Button (Windows Live Toolbar)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft LifeCam
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Launcher
Nero
Nero OEM
palmOne
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
Professor Answers
Professor Teaches Excel 2002
QuickTime
RealPlayer
Realtek AC'97 Audio
Registry Mechanic 8.0
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Smart Menus (Windows Live Toolbar)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WD Diagnostics
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Favorites for Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm

Re: new file?

Unread postby flashh4 » March 10th, 2009, 7:48 am

Hi D_old man, Remove A Program Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight this Entry, if it exists, and choose Remove :

Java(TM) 6 Update 7

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.


Download the latest version of Java Runtime Environment(JRE), and install it to your computer.
It is the 1st one on the page, called Java Runtime Environment (JRE) 6 Update 12
Select Windows, multi-language, and check to agree to the license.
Download it, choose save, and save it to your desktop.
Then doubleclick it, and it will install the newest version of Java for you to use.



NEXT




Update Adobe Reader

  1. Please uninstall Adobe Reader 8.1.3 before installing the latest version by going to Start > Control Panel and double clicking on Add/Remove Programs. Locate Adobe Reader 8.1.3 and click on Change/Remove to uninstall it.
  2. Click here to download the latest version of Adobe Acrobat Reader.
  3. Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to be ran and it will be installed automatically for you.

    If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
  4. Close your Internet browser and open it again.




NEXT



Run Kaspersky Online AV Scanner
Note: Internet Explorer should be used.

Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.




Please post next:
1. Kaspersky report
2. New HJT log.

Thanks
Chuck
User avatar
flashh4
Regular Member
 
Posts: 2276
Joined: June 7th, 2005, 8:36 pm
Location: wyoming

Re: new file?

Unread postby D_old man » March 10th, 2009, 8:20 pm

Chuck,

Tried three times to load Kaspersky, kept getting errors? Turned off all anti-virus programs. I will try again later or tomorrow. I did do the first parts so hopefully this will work.

EB
D_old man
Active Member
 
Posts: 12
Joined: March 5th, 2009, 8:48 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 60 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware