Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

DDE Server Window, IE, Outlook Errors, Google Redirection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 13th, 2009, 7:14 pm

Here is my PostMe.txt file:

[SC] ChangeServiceConfig SUCCESS

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 2 START_PENDING
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x7d0
PID : 1136
FLAGS :

SERVICE_NAME: wscsvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE,NOT_PAUSABLE,ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

**************

After I did a restart, I found that the Security Center was again not available. Perhaps Norton Internet Security
is turning it off to avoid conflicts, or the XP Security Center is detecting Norton and turning itself off ?
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm
Advertisement
Register to Remove

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 14th, 2009, 12:50 pm

Most services depend on other services, which also depend on others, etc. It may be a race condition, in which a chainload of dependencies is waiting for a first one to fire up.

It's a bit of a mystery, though - you might want e-mail Microsoft and enquire them.

Click Start>Run and enter services.msc
Scroll down towards the service named "Security Center", then double click it.
Please take screenshots of both the General and the Dependencies tab. (To make a screenshot of just the active window, press Alt+PrintScreen) and again upload them at imageshack.us
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 14th, 2009, 7:02 pm

These are the Direct Links to the screen shots:

http://img193.imageshack.us/img193/9294 ... eneral.png

http://img193.imageshack.us/img193/5427 ... endenc.png

Remote Procedure Call and Windows Management Instrumentation are started.

*************

I e-mailed a question to Microsoft concerning the Security Center issue.
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 15th, 2009, 1:15 am

Strange. The service is set to "Disabled", while my earlier script should have set it to "Automatic".

Again, click Start>Run>services.msc
Double click the Security Center service
Set startup type to automatic
Click OK
Exit the window

Reboot and tell me if the service is now available.

Also let's see whether the computer may have been reinfected:
DDS (Doesn't Do Squat)
Download DDS by sUBs to your desktop.
Your antivirus software might question the file. If it does, turn it off please :)
  • Double click DDS.scr to run it and wait for the scan to finish
  • When finished DDS.txt will open
  • A small while later, a prompt will open. Answer Yes
  • DDS will continue scanning
  • When done, Attach.txt will open
  • Post DDS.txt and attach Attach.txt
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 15th, 2009, 8:15 pm

After setting the startup type to Automatic and restarting, the Security Center was still unavailable. According to
the Event Viewer, the Windows Security Center Service started but immediately stopped.

*******************
Here is my DDS.txt file:

DDS (Ver_09-05-14.01) - NTFSx86
Run by HP_Administrator at 18:58:19.39 on Fri 05/15/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1474 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uStart Page = hxxp://www.cnn.com/
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTDVDDET] "c:\program files\creative\sbaudigy4\dvdaudio\CTDVDDET.EXE"
mRun: [CTSysVol] c:\program files\creative\sbaudigy4\surround mixer\CTSysVol.exe /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [CTHelper] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Share-to-Web Namespace Daemon] c:\program files\hp\hp share-to-web\hpgs2wnd.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/do ... ysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab

============= SERVICES / DRIVERS ===============

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-2 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2006-9-2 108648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-1 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090515.003\NAVENG.SYS [2009-5-15 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090515.003\NAVEX15.SYS [2009-5-15 876144]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-1 1251720]

=============== Created Last 30 ================

2009-05-06 20:13 <DIR> --d----- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-05-06 20:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-04 22:23 <DIR> --d----- C:\GMER
2009-05-04 22:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-04 22:19 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-04 22:04 <DIR> --d----- c:\windows\system32\appmgmt
2009-05-04 00:21 <DIR> --d----- c:\program files\trend micro

==================== Find3M ====================

2009-03-29 12:39 2,347,904 a------- C:\FixDwndp.exe
2009-03-21 09:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 22:18 934,792 -------- c:\windows\system32\dllcache\WgaTray.exe
2009-03-10 22:18 239,496 -------- c:\windows\system32\dllcache\wgaLogon.dll
2009-03-06 09:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 09:44 283,648 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 a------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 05:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2007-01-20 23:55 22 a--sh--- c:\windows\sminst\HPCD.sys

============= FINISH: 18:59:50.04 ===============

*********************
I attached the Attach.txt file.

*********************
I also attached Microsoft's response. I will wait for your instructions before I proceed with their solution(s).
You do not have the required permissions to view the files attached to this post.
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 16th, 2009, 3:03 am

The DDS log is clean of malware.

I don't quite understand why Microsoft wants to fix your Windows Update while the problem is with your Security Centre..... but maybe that's just me.

As this appears to no longer be a malware issue, I think it's best if you proceed with the advice given by Microsoft.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 16th, 2009, 5:34 pm

I completed all of the MS suggested fixes, but nothing changed.
Their scan did not find any viruses or spyware, but there were
366 (!) Registry items detected.

I also had a very long chat session with a Norton technician
from the other side of the world who concluded that "Norton
is working fine and is not blocking your Windows firewall."
However, he had no answer about the Security Center being
disabled.

Later, I Googled this issue and discovered that checking the box
in the Norton Protection Center Options for "Show messages from
Windows Security Center" causes the Windows Security Center
to activate. :)

Perhaps we are ready to declare victory?

Thanks for your patience, persistence, and professionalism. As I
indicated before, I donated some Obama dollars. You can only
use them, however, in purchasing a GM, Ford, or Chrysler motor
vehicle.
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 17th, 2009, 2:12 am

but there were 366 (!) Registry items detected.
Do you have a log of some sort? If there are some leftover orphans lurking, I'll be happy to blast them away.

Great news on the Security Centre :cheers: :cheers: and many thanks for the kind thanks :flower:
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 17th, 2009, 12:21 pm

I don't have a log, but here is the Direct Link to the MS scan results:

http://img269.imageshack.us/img269/17/m ... ummary.png

There are many issues relating to COM/ActiveX (232 items) and System Software (104 items).
I can't imagine why there are so many issues, but perhaps I should let MS fix them. I understand
that they create a Restore Point first.

Thanks again.
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 18th, 2009, 1:28 am

They are most likely leftovers or orphans from previous infections. Actually - they may not all be from infections - the scanner also seems to flag your temp files, those are not bad, only unneeded. We already know all active infections are gone (because I didn't see any in your logs), so even though those items found might be found rightfully, it won't make an incredible difference to remove them.

Either way - Microsoft probably knows what they're doing seeing as they were the folks that created your operating system :)
Feel free to have them fix everything their scan finds. (But be sure to have a system restore point ready..... just in case)
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 18th, 2009, 10:19 pm

I let MS perform the cleanup. 356 Registry items were fixed, but there
were errors with 11 of the items, mostly COM/ActiveX issues. Everything
appears to be working OK.

Thanks for your help.

Steve
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 19th, 2009, 9:00 am

Great to hear everything seems to be working OK now :cheers: I don't think there is any need at all to worry about the few things that weren't successfully cleaned up. :)

Is there anything else I can do for you or can this topic be closed now?
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby slrowe » May 19th, 2009, 9:18 am

You may close this topic.

Thanks for everything.

Steve
slrowe
Banned Member
 
Posts: 31
Joined: April 23rd, 2009, 1:03 pm

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Odd dude » May 19th, 2009, 9:28 am

You are very welcome. :flower:

Take care.
User avatar
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: DDE Server Window, IE, Outlook Errors, Google Redirection

Unread postby Elrond » May 19th, 2009, 11:03 am

slrowe this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: random/random and 21 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware