Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJackThis Log: CPU 100% Consumed and IE Stops Working After

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJackThis Log: CPU 100% Consumed and IE Stops Working After

Unread postby Rogue Ranger » October 16th, 2007, 11:38 am

Hello there,

I have gone through the beginning steps (and a few others):

Spybot S&D - found nothing.
Trojan Hunter - ran multiple times, found and fixed a few things, eventually it came back clean.

Ran all the Online Scanners I could.

    - Two tried to go back to there web site but failed because that is part of my problem, therefore they could not complete.
    - Three completed but found nothing.
    - One I couldn't get to.
The above tools cleaned what they could, but I still have the problem.

My problem is when I boot in normal mode a process consumes 100% of CPU. The process is listed in the Task Manager as:
    Image Name: SYSTEM
    User Name: SYSTEM
This does not happen when I boot in safe mode.

My other problem happens is both normal mode and safe mode with networking. After about five minutes IE stops working, all links are diverted to a different page that says "Error server not found". The most common address was 207.46.150.50, if that helps. I cannot type in any of the text fields in IE. After IE locks up, I have to reboot to use it again.

This a great service and I wanted to thank everyone involved in advance for any help. It extremely appreciated.

Here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:36 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office 2003\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office 2003\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\SiteHound\SiteHound.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\SiteHound\SiteHound.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1551454781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1551256453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOMFI~1\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm
Advertisement
Register to Remove

Unread postby askey127 » October 23rd, 2007, 2:58 pm

Rogue ranger,
Sorry for the delay. Kind of backed up here.
-----------------------------------------------------------
Remove log items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} -
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} -
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} -

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT THE MACHINE, IN NORMAL MODE IF IT WILL.
DO NOT BOOT TO SAFE MODE WITH NETWORKING, UNLESS ABSOLUTELY NECESSARY, AS YOU WILL HAVE INADEQUATE ANTIVIRUS AND FIREWALL PROTECTION.
USE PLAIN SAFE MODE IF YOU HAVE TO, COPY IN/OUT FILES AND RESULTS TO/FROM A FLASH DRIVE , AND USE ANOTHER MACHINE TO REPLY.
-----------------------------------------------------------
If you can get to the Control Panel.
Use Add/Remove and remove every version of Java, JRE, JSE that you can find.
-----------------------------------------------------------
Uninstall Flashget
The unregistered version of FlashGet packages itself with Cydoor adware and is supposed to remove the adware if you register.
I would strongly recommend removing this software. I suggest you remove it via the Control Panel's Add/Remove Programs feature.
We are removing the Flashget entries with HijackThis.
For some reviews of download managers, see here : http://www.safer-networking.org/en/articles/download-managers.html
Eventually, you might want to take a look at an alternative called Leechget here : http://www.leechget.net/en/
--------------------------------------------------------
Go to My Computer, right click the C: drive and choose Properties.
Please record what it reports for Used space and free space on the drive and report that back in your next post.
-----------------------------------------------------------
Post a New HiJackThis Log
Reboot your computer. (Normal mode if possible). Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

Also please tell me what boot modes are available now, whether you can get to the Control Panel, and what percent Free space is reported.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 24th, 2007, 3:13 am

Hello askey127,

Thanks for help. I appreciate the time and effort.

I did what you asked and the problem still remains.

I can boot in all of the modes. I can boot in normal mode, it is difficult (it's very slow) to do anything because of the rogue SYSTEM process using all of the CPU. In safe mode. the SYSTEM process does not consume the CPU, so it is easier to do things.

I removed FlashGet. I will try the other download managers, thanks for the info.

I can get to the control panel in normal mode (all modes), it is just slow.

Here is additional information you requested, the C: Drive properties and the new HiJackThis log.

Again, thanks for the help.

-- Tim

------------------------------------------------------

C: Drive Properties

Used space: 55.6 GB
Free space: 18.8 GB
Capacity: 74.4 GB

------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:02:08 AM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\VCOMFI~1\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\VCOMFI~1\mxtask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\SiteHound\SiteHound.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOMFI~1\MemCheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\SiteHound\SiteHound.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1551454781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1551256453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOMFI~1\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm

Unread postby askey127 » October 24th, 2007, 7:48 am

Rogue Ranger,
We need to set up some things and get a bit more info first.
You have a lot of protections on board that can interfere with analysis and repairs. We will temporarily disable them.
-------------------------------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the older version 1.4, Click on Exit Spybot S&D Resident
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
-----------------------------------------------------------
Disable Trojan Hunter Guard
Go to TrojanHunter Guard in the lower right corner of your screen. It is a light blue icon with a magnifying glass that can be difficult to see but the handle is red. Right click it and select settings. Uncheck "Load at startup" and "Enabled".
-----------------------------------------------------------
Disable A-Squared Guard
- Open a-square
- Click on "Configure Background-Guard"
- Deselect "Enable background guard on system startup"
- Close window
- Close a-square
-----------------------------------------------------------
Disable WinPatrol
- Right Click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, Uncheck Automatically Run WinPatrol When Computer Starts
-Click the X to end program.
- Right Click the 'Scotty Dog' icon in the system tray again
- Click Exit Program
-----------------------------------------------------------
Reboot your machine for All these the changes to take effect
-----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Registry block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner if it's not already running.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------------
Check Security Center in Control Panel
From Start, Settings, Control Panel or Start, Control Panel, doubleclick Security Center.
Please post what it reports for AntiVirus Application and its ON/OFF Status.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

So we are looking for the contents of CCleaner's Install.txt, the info from Security Center, and a fresh log (Normal Mode if possible-Sorry) from HijackThis.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 24th, 2007, 1:41 pm

Thanks for the quick response.

I disabled the Tools you requested.

Here is the additional information you requested.

-- Tim

-------------------------------------------------------------------

Security Center reported no Virus Protection not found.

-------------------------------------------------------------------

CCleaner's Install.txt:

23_24_2500Tour
2400
2400_2500Help
2400_2500trb
3C Texas Holdem Poker
3D Canvas
7-Zip 4.42
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Help Center 2.1
Adobe Photoshop 5.0 Limited Edition
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 3.0 Templates Tryout
Adobe Premiere Elements 3.0 Tryout
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader 8.1.0
Adobe® Photoshop® Album Starter Edition 3.0
A-FF Repair Station v4.3
AiO_Scan
AIOMinimal
AiOSoftware
Alibre Design
All Mobile
Alleycode HTML Editor 2.16.2
Allofmp3 Explorer
allTunes
Apple Software Update
a-squared Free 3.0
AusLogics Disk Defrag
AVG Anti-Rootkit Free
Banctec Service Agreement
Bink and Smacker
CadStd
Caligari trueSpace3.2
CardRd81
CCHelp
CCleaner (remove only)
CCScore
City of Heroes (remove only)
Civilization III
Copy
CR2
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
Creative Removable Disk Manager
Creative System Information
CreativeProjects
Dell Networking Guide
Dell ResourceCD
Dell Solution Center
Dell Support
Dev-C++ 4
Director
D-Link AirPlus Xtreme G Adapter
DocProc
DVDSentry
EasyGPS
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
EVGA Display Driver
Fax
Fix-It Utilities 7 Professional
Google Earth
Google SketchUp
Google SketchUp 6
Google Toolbar for Internet Explorer
Guild Wars
HDD Regenerator
Help and Support Customization
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
Hoyle Board Games 2005
Hoyle Card Games 2003
Hoyle Puzzle Games 2005
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Smart Web Printing 1.0
HP Software Update
hpmdtab
HPSystemDiagnostics
InstantShare
Intel RSX 3D
Intel(R) Extreme Graphics Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
InterActual Player
Internet Explorer Default Page
iPod for Windows 2006-03-23
iTunes
KSU
Learn to Play Magic
LG USB Modem driver
LightScribe 1.8.15.1
Magic Online
Magic The Gathering Online Tutorial
MAGIX audio cleaning lab 2004
MapSource
MapSource - MetroGuide North America v6
MaxBlast 4
Maya 5.0 Personal Learning Edition
Maya 5.0 PLE Documentation Server
MediaFACE 4.01
MediaFACE 4.01 Image Library
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft DirectX 8 SDK
Microsoft Encarta Encyclopedia Standard 2004
Microsoft FrontPage 2002
Microsoft MSDN Express Library 2005 Beta - English
Microsoft Office Standard Edition 2003
Microsoft Publisher 2000
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft Visual C++ 2005 Redistributable
Move Networks Media Player for Internet Explorer
Move Networks Player for Internet Explorer
MP3 Player Utilities 4.12
MSN Entertainment Download Troubleshooter
MSN Music Assistant
MSXML 4.0
MSXML 6.0 Parser
NetBeans IDE 4.0
NetBeans IDE 5.5
Notifier
NVIDIA Drivers
OfotoXMI
OTtBP
OTtBPSDK
Overland
Panda ActiveScan
PC Inspector File Recovery
PCDLNCH
PhotoGallery
PHPEdit 2.6.1
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Pinnacle USB device drivers 2
PowerDVD
PrintScreen
proDAD Heroglyph 2.5
Punch! Professional Home Design - Platinum
QFolder
Quicken 2007
QuickProjects
QuickTime
Readme
RealArcade
Rhapsody Player Engine
Ricochet Lost Worlds
Robot Wars: Arenas of Destruction
Roxio Activation Module
Roxio Backup MyPC
Roxio CinePlayer Decoder Pack
Roxio Creator 9 XE
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio DVD Info Pro
Roxio EasyArchive
Roxio Express Labeler 3
Roxio Media Experience
RunAlyzer
Scan
SeaTools for Windows
Secure Online Account Numbers
SFR
SFR2
Shockwave
Sid Meier's Pirates!
SiteHound for Internet Explorer 1.5.0
SkinsHP1
SkinsHP2
SmartSound Quicktracks Plugin
Sonic RecordNow!
Sonic Update Manager
SoundTaxi 2.7.9
SpiralFrog Download Manager 0.8.23
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Star Wars Battlefront
Star Wars Empire at War
Star Wars Galactic Battlegrounds: Saga
Star Wars Jedi Knight Jedi Academy
Star Wars®: Knights of the Old Republic (TM)
Starcraft
Stronghold 2
Stronghold Crusader
Studio 10
Studio 10 Bonus DVD
Studio 10.8 Patch
The Movies(TM)
TrayApp
TrojanHunter 5.0
Unload
VCAMCEN
Visual C++ 2005 Express Edition Beta - English
Visual SlickEdit 5.0
VPRINTOL
Warcraft II BNE
WebFldrs XP
WebReg
Windows Media Format 11 runtime
Windows Media Player 11
WinPatrol 2007
Wise Disk Cleaner 2.7
ZoneAlarm


-------------------------------------------------------------------

New HiJackThis log (in Normal mode)

Logfile of HijackThis v1.99.1
Scan saved at 10:24:58 AM, on 10/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\PROGRA~1\VCOMFI~1\mxtask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\VCOMFI~1\mxtask.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\D-Link AirPlus Xtreme G\AirPlus.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Discover deskshop Browser Helper Object - {8DB3D69D-DA5E-4165-B781-72A761790672} - C:\WINDOWS\system32\BhoDshop.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\SiteHound\SiteHound.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\SiteHound\SiteHound.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirusScannerPro] C:\PROGRA~1\VCOMFI~1\MemCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\SiteHound\SiteHound.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Secure Online Account Numbers - {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - C:\Program Files\Secure Online Account Numbers\SOAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 1551454781
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1551256453
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOMFI~1\mxtask.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm

Unread postby askey127 » October 24th, 2007, 2:44 pm

Rogue Ranger,
I may know about your problem. It is very likely to be a "broken" update routine for Adobe Acrobat 5.
We will test to see if that's correct, and then find a way to stop it.
First install one antivirus NOW.
-----------------------------------------------------------
YOU HAVE NO ANTI-VIRUS PROGRAM
Download just one of these free anti-virus programs, update it and run a full scan. Have it fix anything it finds.
*Grisoft AVG from here : http://free.grisoft.com/doc/1
*AntiVir Free from here : http://www.free-av.com/
*Avast Home Edition from here : http://www.avast.com/eng/down_home.html

Next let's try plan A:
-----------------------------------------------------------
Stop Process after Bootup
While it is very slow after bootup, Close ALL open windows. Use Ctrl-Alt-Delete together to bring up the task manager.
Under the processes tab, if it is visible, check the box 'Show processes from all users'.
Take a look at CPU usage and find the processes with highest numbers. I think they will look like the filename below.
One at a time, highlight each of these that are listed and "End Process":

AdobeUpd.exe
<== this may not be the exact name. Look for a hint that it's "Adobe Updates"


Stop process on each of those (there could be two the same) and note down the exact filename.
If this succeeds, and IE runs well, you don't need plan B; below. Post back and we will rename the file so it can't start on Reboot

If that Fails to speed things up immediately, we can try plan B:
-----------------------------------------------------------
Stop, Disable and Delete A Service
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find the service.

Adobe LM Service

Click once on the service to highlight it.
Right-Click on the service. Click on Properties
Select the General tab.
Next to Service Status, click Stop.
Click the Arrow-down tab on the right-hand side of the Start-up Type box.
From the drop-down menu, click on Disabled
Click Apply , then OK

Let me know which, if either, worked for you.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 25th, 2007, 3:05 am

I installed AVG Anti-virus. It scanned and found no threats.

There were no Adobe* processes running, so I couldn't stop them.

In the Services window, the Adobe LM Service was already stopped and disabled. There was a different Adobe service running. I tried stopping that, but the problem remained.

So neither suggestion worked.

I also tried, using msconfig, stopping all services that were not Microsoft and rebooting, but the problem still occured.

-- Tim
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm

Unread postby askey127 » October 25th, 2007, 6:26 am

After you boot, as soon as it settles down, use task manager (Ctrl-Alt-Del) in the processes tab and see what is the name of the process(es) using most of the CPU. Make sure that "Show processes from all users" is checked at the bottom.

"System Idle Process" should be using most of the CPU (like 98%).
If another process has a number above 5, note down what the name is and post back here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 25th, 2007, 10:18 am

The Image Name is "System"; the User Name is "SYSTEM" and it shows 99 in the CPU.

"End Process" does not stop the process.

-- Tim
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm

Unread postby askey127 » October 25th, 2007, 11:13 am

Your system is not being affected by malware.
(You should restart TrojanHunter and WinPatrol)
It most likely has to do with conflicts from your media services and their associated drivers.
You have Roxio, Kodak and Adobe all vying to automatically read your USB port for pictures.
You also have Pinnacle Media Services installed which has been a major problem to some users.

I think you are going to need to do a trial and error set of Uninstalls/ReInstalls to see which one is the direct cause.

I would recommend you consult with one of the good hardware forums
---------------------------------------------------------
Good Hardware Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 25th, 2007, 4:08 pm

Ok, thanks, I'll debug the CPU problem on my own and checkout the websites you suggested. Of course any other suggestions would be greatly appreciated.

What about my other problem?

    After about 5 minutes all IE links are redirected to an IP address (usually 207.46.150.50).
It seems like some kind of malware is taking over IE.

This occurs in both Safe Mode and Normal Mode.

It is also strange that both of these problems showed up at the same time.

-- Tim
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm

Unread postby askey127 » October 25th, 2007, 5:17 pm

That's Microsoft!
You must have a delinquent update or some kind of unresolved issue.
They are just trying to update your system.
You might want to go to Windows Updates(Google) and download whatever you need to see what it is.

There is no malware issue there.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 25th, 2007, 7:17 pm

Ok, thanks.

I have a question about the HiJackThis log.

Should I delete the entries with the (file missing) tag on them?

For example:

    O23 - Service: Alias Maya 5.0 PLE Help Server (Maya5PLEHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya 5.0 Personal Learning Edition\docs/Wrapper.conf (file missing)
-- Tim
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm

Unread postby askey127 » October 25th, 2007, 8:11 pm

NO !!
You should leave the HijackThis Tool alone.
You can completely break your system with it.

Items with (file missing) notes are not usually correct on that score, and hardly ever correct on O23 lines
That line will go away if you Uninstall Alias Wavefront

It's important to Stop using the tool without advice.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Unread postby Rogue Ranger » October 25th, 2007, 10:01 pm

Turns out the problem was Zone Alarm. It was the first and only application I tried. After I uninstalled it both problems went away.

Again thanks for the assistance.

-- Tim
User avatar
Rogue Ranger
Active Member
 
Posts: 8
Joined: October 15th, 2007, 8:26 pm
Advertisement
Register to Remove

Next

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 297 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware