Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Too much removed?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Too much removed?

Unread postby Dusky » March 29th, 2010, 7:08 am

Hi there,
Some weeks ago I accidentally clicked on, what looked like an update for Flash player. It looked genuine but afterward
the problems started. The MS Media Player stopped working (no response from clicking on the shortcut) Tried directly from
the player .exe file, nothing. In the web browser (MS internet explorer) the flash player stopped working and the page with
the previews on YouTube only showed the top few rows. After downloading Google Chrome and VLC player I can access everything.
Attempts to clean the Trojan were successful (I think) but did I delete too much or is something blocking MS Media player and browser?
I used mBam, Advanced SystemCare and AVG.
thanks for your help and here are the logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:04 p.m., on 29/03/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\AASP\1.00.59\aaCenter.exe
C:\Program Files (x86)\AGEIA Technologies\TrayIcon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\ASUS\AiNap\AiNap.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\Quad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Quad\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files (x86)\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files (x86)\ASUS\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Quad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.cricinfo.com/iccct2009/engine/current/match/415279.html?template=cricinfo3d"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files (x86)\Yahoo!\Common\yiesrvc.dll
O13 - Gopher Prefix:
O16 - DPF: {004DF9D9-566D-11D7-B77D-00E018901A05} (Iqeye Control) - http://83.87.129.171:88/iqeye.ocx.gz
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://cameras.homeentertainmentinc.com:81/IPV6CAM.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/d ... .2.5.0.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} (DigiMeldOcx Control) - http://www.digimeld.com/download/digimeldOcx.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://activex.webcam.nl/AxisCamControl.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: DFS Replication (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate1c986b7cfcefe86) (gupdate1c986b7cfcefe86) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files (x86)\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files (x86)\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Locator (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Software Licensing (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Virtual Disk (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 10331 bytes
32nd America's Cup 0.2.0.0
3DMark06
Acrobat.com
Acrobat.com
Ad-Aware
Adobe Acrobat 4.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11
Advanced SystemCare 3
Adventure Chronicles: The Search for Lost Treasure
AGEIA PhysX v2.3.3
AI Suite
Alabama Smith in the Quest of Fate
Alabama Smith: Escape from Pompeii
Ancient Secrets
AnvSoft Photo Flash Maker Pro 4.87
Apple Application Support
Apple Software Update
ArcSoft PhotoStudio 2000
ArcSoft Software Suite
ASUSUpdate
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Autumn's Treasures: The Jade Coin
AVG Free 9.0
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Azada: Ancient Magic
Babelgum
Big Fish Games: Game Manager
Blood Ties
Book of Legends
Cassandra's Journey: The Legacy of Nostradamus
Choice Guard
ConvertXtoDVD 3.5.2.137
Curse of the Pharaoh: Tears of Sekhmet
Curse of the Pharaoh: The Quest for Nefertiti
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Detective Stories: Hollywood
Drawn: The Painted Tower ™
Emperor: Battle For Dune
Escape the Museum
Escape the Museum 2
FileHippo.com Update Checker
Flux Family Secrets: The Ripple Effect
FLV Player 2.0, build 23
Free Window Registry Repair
FreeFixer
FreshDiagnose
FreshUI
GameHouse
Genius SlimStar 310 Hotkey driver
Ghost Recon Advanced Warfighter
Google Earth
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GrandBilliards 1.0
Hidden Expedition ® - Devil's Triangle
Hidden Relics
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IL-2 Sturmovik
Interpol: The Trail of Dr. Chaos
ioCentre
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
Kuros
Laura Jones and the Gates of Good and Evil
Laura Jones and the Secret Legacy of Nikola Tesla
LimeWire 5.4.7
Logitech Desktop Messenger
Logitech Updater
luxor 2
luxor 2 (remove only)
Macromedia Dreamweaver 4
Macromedia Extension Manager
Magic Academy II
Magic Encyclopedia: Moon Light
MailWasher Free 6.5.2
Malwarebytes' Anti-Malware
Margrave Manor 2: The Lost Ship
marvell 61xx
Marvell MRU
Microsoft Choice Guard
Microsoft Combat Flight Simulator 3.1
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Office 97, Professional Edition
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Midnight Mysteries: The Edgar Allan Poe Conspiracy
Mortimer Beckett and the Time Paradox
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mushroom Age
Mystery Age: The Imperial Staff
Mystery Case Files®: Dire Grove™ Collector's Edition
Mystery Case Files: Return to Ravenhearst ™
Mystery of Unicorn Castle
Mystery Stories: Berlin Nights
Mystic Diary: Lost Brother
Nancy Drew: Last Train to Blue Moon Canyon
Natalie Brooks: Mystery at Hillcrest High
NCH Toolbox
Need for Speed™ Most Wanted
Nero 7 Essentials
OpenOffice.org 2.3
PC Inspector File Recovery
Penny Dreadfuls™ Sweeney Todd
PHOTOfunSTUDIO -viewer-
PhotoStage Slideshow Producer
Pinnacle VideoSpin
Princess Isabella: A Witch's Curse
PuppetShow: Mystery of Joyville ™
QuickTime
Race - The WTCC Game
Race - The WTCC Game
Race Dedicated Server
RealPlayer
Realtek High Definition Audio Driver
Reincarnations: Awakening
Righteous Kill
SA31xx Device Manager & Media Converter
Safari
Safecracker
Samantha Swift and the Golden Touch
Samantha Swift and the Hidden Roses of Athena
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
SILKYPIX Developer Studio 2.0 SE
SimCity 3000
Skype™ 4.0
Smart Defrag 1.20
Spelling Dictionaries Support For Adobe Reader 8
Splinter Cell Pandora Tomorrow
Sprill and Ritchie: Adventures in Time
Steam
Strange Cases: The Tarot Card Mystery
TestDrive Client
The Clumsys 2: Butterfly Effect
The Da Vinci Code
The Dark Hills of Cherai
The Fall Trilogy
The Mirror Mysteries
The Treasures of Mystery Island
The Tudors
Trapped: The Abduction
Treasure Masters
Treasure Seekers: The Enchanted Canvases
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vampire Saga: Pandora's Box
Veronica Rivers: Portals to the Unknown
Vista Services Optimizer
Visual C++ 8.0 Runtime Setup Package (x64)
Visual C++ 8.0 Runtime Setup Package (x64)
VLC media player 1.0.5
Wild West Quest
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
Windows Resource Kit Tools - SubInAcl.exe
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar

Thanks for your time,
Theo
Dusky
Active Member
 
Posts: 1
Joined: March 28th, 2010, 8:36 am
Advertisement
Register to Remove

Re: Too much removed?

Unread postby Dakeyras » March 29th, 2010, 10:53 am

I see from your HJT log that you're using a 64 bit operating system.

Unfortunately, the tools we use to analyze and remove infections do not work properly on a 64 bit operating system, and their results cannot be relied upon. Because of this, it is almost impossible for us to correctly diagnose problems, and the fixes we might offer could potentially do as much damage to your computer as any infection you might have.

Due to the above stated reasons, we do not at this time offer support for 64 bit operating systems. We are sorry that we are currently unable to assist you.

This topic is now closed.
User avatar
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 325 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware