Google updater? Needs to close?

  • This topic is locked
2 replies to this topic

#1 Rwmurrow



Posted 04 January 2010 - 09:01 PM

A "Google Updater needs to close" window pops up and the laptop freezes a lot.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Richard at 19:34:52.54 on Mon 01/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.857 [GMT -6:00]

AV: CyberDefender Internet Security *On-access scanning enabled* (Updated) {927E6897-6B83-47F0-BEB2-FB3193AB8764}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:WINDOWSsystem32svchost -k DcomLaunch
C:WINDOWSsystem32svchost -k rpcss
C:WINDOWSSystem32svchost.exe -k netsvcs
C:Program FilesIntelWirelessBinEvtEng.exe
C:Program FilesIntelWirelessBinS24EvMon.exe
C:WINDOWSsystem32svchost.exe -k NetworkService
C:WINDOWSsystem32svchost.exe -k LocalService
C:WINDOWSsystem32svchost.exe -k LocalService
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesNeroNero8InCDInCDsrv.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesLightScribeLSSrvc.exe
C:Program FilesNeroNero8InCDNBHRegInCDSrv.exe
C:Program FilesSpyware DoctorpctsAuxs.exe
C:Program FilesSpyware DoctorpctsSvc.exe
C:WINDOWSsystem32svchost.exe -k imgsvc
C:Program FilesSpyware DoctorpctsTray.exe
C:Program FilesSynapticsSynTPSynTPEnh.exe
C:Program FilesSynapticsSynTPToshiba.exe
C:Program FilesToshibaToshiba Appletthotkey.exe
C:Program FilesTOSHIBAConfigFreeNDSTray.exe
C:Program FilesToshibaTvsTvsTray.exe
C:Program FilesTOSHIBATOSHIBA ControlsTFncKy.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTOSHIBATOSHIBA Zooming UtilitySmoothView.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesRealRealPlayerRealPlay.exe
C:Program FilesIntelWirelessBinifrmewrk.exe
C:Program FilesZone LabsZoneAlarmzlclient.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesTOSHIBATOSCDSPDtoscdspd.exe
C:Program FilesiPodbiniPodService.exe
C:Program FilesInternet ExplorerIexplore.exe
C:Documents and SettingsRichardDesktopdds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:progra~1yahoo!companioninstallscpnyt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:program filescommon filesadobeacrobatactivexAcroIEHelper.dll
BHO: {22ca0c53-1b63-4253-9000-1446f318d7b3} - c:windowssystem32iifEWnnN.dll
BHO: {2753b591-d1ec-4a00-93e4-cec5247eb60c} - c:windowssystem32pmnKEwXQ.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:program filesrealrealplayerrpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:program filesspybot - search & destroySDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:program filesyahoo!commonyiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:windowssystem32dlaDLASHX_W.DLL
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:program filescanoneasy-webprintEWPBrowseLoader.dll
BHO: {77ab5974-55a3-4737-9fd5-b93c64307f78} - c:windowssystem32qepocjtv.dll
BHO: {77ab59b4-55a3-4737-9fd5-b93c6430bf78} - c:windowssystem32rdbxjrtx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:program filesjavajre6binjp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:program filesjavajre6libdeployjqsiejqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:progra~1yahoo!companioninstallscpnYTSingleInstance.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:program filescanoneasy-webprintToolband.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:progra~1yahoo!companioninstallscpnyt.dll
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:windowssystem32Shdocvw.dll
uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe
uRun: [TOSCDSPD] c:program filestoshibatoscdspdtoscdspd.exe
uRun: [settdebugx.exe] c:docume~1richardlocals~1tempsettdebugx.exe
mRun: [SynTPEnh] c:program filessynapticssyntpSynTPEnh.exe
mRun: [THotkey] c:program filestoshibatoshiba appletthotkey.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:program filestoshibatvsTvsTray.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TPSMain] TPSMain.exe
mRun: [SmoothView] c:program filestoshibatoshiba zooming utilitySmoothView.exe
mRun: [CanonMyPrinter] c:program filescanonmyprinterBJMyPrt.exe /logon
mRun: [TkBellExe] "c:program filescommon filesrealupdate_obrealsched.exe" -osboot
mRun: [SSBkgdUpdate] "c:program filescommon filesscansoft sharedssbkgdupdateSSBkgdupdate.exe" -Embedding -boot
mRun: [Pinger] c:toshibaivpismpinger.exe /run
mRun: [IntelWireless] "c:program filesintelwirelessbinifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [HPDJ Taskbar Utility] c:windowssystem32spooldriversw32x863hpztsb09.exe
mRun: [ZoneAlarm Client] "c:program fileszone labszonealarmzlclient.exe"
mRun: [ISTray] "c:program filesspyware doctorpctsTray.exe"
mRun: [SunJavaUpdateSched] "c:program filesjavajre6binjusched.exe"
mRun: [AppleSyncNotifier] c:program filescommon filesapplemobile device supportbinAppleSyncNotifier.exe
mRun: [QuickTime Task] "c:program filesquicktimeQTTask.exe" -atboottime
mRun: [iTunesHelper] "c:program filesitunesiTunesHelper.exe"
dRun: [Picasa Media Detector] c:program filespicasa2PicasaMediaDetector.exe
IE: &Search
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:progra~1micros~2office11EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:program filescanoneasy-webprintToolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:program filescanoneasy-webprintToolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:program filescanoneasy-webprintToolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:program filescanoneasy-webprintToolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:program filesmessengermsmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:program filesyahoo!commonyiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:progra~1micros~2office11REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:windowssystem32Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:program filesspybot - search & destroySDHelper.dll
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:program filesyahoo!commonYinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:program fileshphpcoretechcomphpuiprot.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:program fileslibronix dlssystemFileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:program fileslibronix dlssystemResProt.dll
Notify: igfxcui - igfxdev.dll
Notify: pmnKEwXQ - pmnKEwXQ.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll
SEH: {2753b591-d1ec-4a00-93e4-cec5247eb60c} - c:windowssystem32pmnKEwXQ.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 c:windowssystem32iifEWnnN
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:program filescommon fileslightscribeLSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:docume~1richardapplic~1mozillafirefoxprofiles9hvhdxpg.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.discgolfreview.com/forums/
FF - component: c:documents and settingsrichardapplication datamozillafirefoxprofiles9hvhdxpg.defaultextensions{3112ca9c-de6d-4884-a869-9855de68056c}componentsfrozen.dll
FF - plugin: c:documents and settingsrichardapplication datamove networkspluginsnpqmp071503000010.dll
FF - plugin: c:documents and settingsrichardapplication datamove networkspluginsnpqmp071701000002.dll
FF - plugin: c:documents and settingsrichardapplication datamove networkspluginsnpqmp071705000014.dll
FF - plugin: c:documents and settingsrichardapplication datamozillafirefoxprofiles9hvhdxpg.defaultextensions{e2883e8f-472f-4fb0-9522-ac9bf37916a7}pluginsnp_gp.dll
FF - plugin: c:program filesdivxdivx plus web playernpdivx32.dll
FF - plugin: c:program filesgooglegoogle earthpluginnpgeplugin.dll
FF - plugin: c:program filesgooglepicasa3npPicasa3.dll
FF - plugin: c:program filesgoogleupdate1.2.183.13npGoogleOneClick8.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpmozax.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpmusicn.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpnipp.dll
FF - plugin: c:program filesmozilla firefoxpluginsNPTURNMED.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpunagi2.dll
FF - plugin: c:program filesmozilla firefoxpluginsnpyaxmpb.dll
FF - plugin: c:program filesoperaprogrampluginsnpdivx32.dll
FF - plugin: c:program filesoperaprogrampluginsNPSibelius.dll
FF - plugin: c:program filesoperaprogrampluginsNPTURNMED.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:program filesmozilla firefoxextensions{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:program filesmozilla firefoxgreprefssecurity-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:windowssystem32driversikfilesec.sys [2008-7-30 42376]
R1 IKSysFlt;System Filter Driver;c:windowssystem32driversiksysflt.sys [2008-7-30 66952]
R1 IKSysSec;System Security Driver;c:windowssystem32driversiksyssec.sys [2008-7-30 81288]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:windowssystem32driversnipplpt.sys [2006-11-6 34671]
R1 vsdatant;vsdatant;c:windowssystem32vsdatant.sys [2009-2-9 353672]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:program filesneronero8incdNBHRegInCDSrv.exe [2008-7-10 53032]
R2 sdAuxService;PC Tools Auxiliary Service;c:program filesspyware doctorpctsAuxs.exe [2008-7-30 747912]
R2 sdCoreService;PC Tools Security Service;c:program filesspyware doctorpctsSvc.exe [2008-7-30 948616]
R2 vsmon;TrueVector Internet Monitor;c:windowssystem32zonelabsvsmon.exe -service --> c:windowssystem32zonelabsvsmon.exe -service [?]
S1 parportt;parportt; [x]
S2 gupdate1c9a0d06548e4cc;Google Update Service (gupdate1c9a0d06548e4cc);c:program filesgoogleupdateGoogleUpdate.exe [2009-3-9 133104]
S3 CDAVFS;CDAVFS;c:windowssystem32driversCDAVFS.sys [2008-7-30 67424]
S3 JL2005;JL2005A Toy Camera; [x]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:windowssystem32driversplturbh.sys [2009-8-8 9728]
S3 PLTurbo;Prolific turbo filter driver for odd;c:windowssystem32driversplturbo.sys [2009-8-8 9984]
S4 McAfeeFramework;McAfee Framework Service;c:program filesnetwork associatescommon frameworkFrameworkService.exe [2006-9-27 102463]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-01-03 23:11:33 860 ----a-w- c:windowssystem32krl32mainweq.dll
2010-01-03 23:10:19 202 ----a-w- c:windowssystem32srcr.dat
2010-01-03 14:12:55 55656 ----a-w- c:windowssystem32driversavgntflt.sys
2009-12-24 18:02:18 0 d-----w- c:program filescommon filesDivX Shared
2009-12-22 03:01:13 0 d-----w- c:docume~1alluse~1applic~1{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-22 02:59:26 0 d-----w- c:program filesBonjour
2009-12-17 19:24:50 0 d-----w- c:windowsSxsCaPendDel
2009-12-11 21:22:21 24158 ----a-w- c:documents and settingsrichardUntitled6 - Bb Clarinet 1.mus
2009-12-11 21:21:01 20422 ----a-w- c:documents and settingsrichardUntitled4 - Bb Clarinet 1.mus
2009-12-11 21:15:39 24158 ----a-w- c:documents and settingsrichardUntitled1 - Bb Clarinet 1.mus

==================== Find3M ====================

2009-12-22 03:08:32 60556 ---ha-w- c:windowssystem32mlfcache.dat
2009-11-25 22:09:21 139152 ----a-w- c:windowssystem32driversPnkBstrK.sys
2009-11-25 22:09:21 139152 ----a-w- c:docume~1richardapplic~1PnkBstrK.sys
2009-11-25 22:09:08 111928 ----a-w- c:windowssystem32PnkBstrB.exe
2009-11-25 22:08:48 794408 ----a-w- c:windowssystem32pbsvc.exe
2009-11-25 22:08:48 75064 ----a-w- c:windowssystem32PnkBstrA.exe
2009-10-29 07:46:59 832512 ----a-w- c:windowssystem32wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:windowssystem32ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:windowssystem32corpol.dll
2009-10-21 06:00:55 75776 ----a-w- c:windowssystem32strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w- c:windowssystem32httpapi.dll
2009-10-13 10:53:29 266752 ----a-w- c:windowssystem32oakley.dll
2009-10-12 13:54:17 69632 ----a-w- c:windowssystem32raschap.dll
2009-10-12 13:54:17 112128 ----a-w- c:windowssystem32rastls.dll
2009-10-11 10:17:27 411368 ----a-w- c:windowssystem32deploytk.dll
2009-01-15 18:13:39 108021 --sha-w- c:windowssystem32NnnWEfii.ini2

============= FINISH: 19:36:37.56 ===============

I also get the Google search redirected to spam sites thing.

Merged posts. ~ OB

Edited by Orange Blossom, 08 January 2010 - 10:17 AM.


#2 myrti




Posted 12 January 2010 - 08:38 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from the following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#3 myrti




Posted 17 January 2010 - 02:11 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

