
Thread: Nasty infestation. No Anti Virus will run. (Inactive)

  1. #31
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Right, it looks like you have some infected e-mails there.
    I'm not sure if they are inbox or outbox or where, I'm not familiar with that client.

    C:\pmta\Xfrs\dst\01c9eeafa56b9b30.msg[UPSFILE_NR67721912.zip][UPSFILE_NR67721912.exe]
    C:\pmta\Xfrs\rz\01c9ee3db6618a52.msg[document.pif]
    C:\pmta\Xfrs\rz\01c9eea7c3f620aa.msg[postcard.zip][postcard.txt .scr]
    C:\pmta\Xfrs\rz\01c9eea585cf7530.msg[postcard.zip][postcard.htm .scr]
    Let's check that other file, it shouldn't be being flagged.

    Submit a File For Analysis
    We need to have the files below Scanned by Uploading them/it to Virus Total

    Please visit Virustotal
    Copy/paste the following file path into the window
    C:\WINDOWS\system32\jdbgmgr.exe
    Click Submit/Send File

    When the scan has finished, you can copy the URL from the browser address window and paste it in your reply.

    If Virustotal is too busy please try Jotti
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
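
Added example, not part of the original thread: a small triage script for the `container[member][member]` listing in post #31. It splits each line into the message file and its nested attachment names, then flags directly executable extensions and the whitespace-padded double extensions seen in `postcard.txt .scr`. The extension sets and the function names (`parse_hit`, `classify_name`, `triage`) are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re
from pathlib import PureWindowsPath

# Assumed lists for this example: extensions Windows runs on double-click,
# and "harmless looking" extensions commonly used as a decoy in front of them.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".com", ".bat", ".cmd"}
DECOY_EXTS = {".txt", ".htm", ".html", ".doc", ".pdf", ".jpg", ".gif"}

# container path, followed by one or more [member] groups (members may contain spaces)
LINE_RE = re.compile(r"^(?P<container>[^\[\]]+?)(?P<members>(?:\[[^\[\]]*\])+)\s*$")
MEMBER_RE = re.compile(r"\[([^\[\]]*)\]")

# Lines copied from post #31.
SAMPLE = [
    r"C:\pmta\Xfrs\dst\01c9eeafa56b9b30.msg[UPSFILE_NR67721912.zip][UPSFILE_NR67721912.exe]",
    r"C:\pmta\Xfrs\rz\01c9ee3db6618a52.msg[document.pif]",
    r"C:\pmta\Xfrs\rz\01c9eea7c3f620aa.msg[postcard.zip][postcard.txt .scr]",
    r"C:\pmta\Xfrs\rz\01c9eea585cf7530.msg[postcard.zip][postcard.htm .scr]",
]


def parse_hit(line):
    """Split 'path.msg[a.zip][b.exe]' into (container_path, [member, ...])."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("container"), MEMBER_RE.findall(m.group("members"))


def classify_name(name):
    """Return the reasons an attachment name deserves attention (empty if none)."""
    reasons = []
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return reasons
    ext = "." + ext.strip().lower()
    if ext not in EXECUTABLE_EXTS:
        return reasons
    reasons.append("executable:" + ext)
    # What the user sees before the padding: 'postcard.txt' in 'postcard.txt .scr'
    visible = stem.rstrip()
    _, inner_dot, inner_ext = visible.rpartition(".")
    if inner_dot and "." + inner_ext.lower() in DECOY_EXTS:
        reasons.append("double-extension:." + inner_ext.lower())
    if visible != stem:
        # Spaces before the real extension push it out of a narrow filename column.
        reasons.append("whitespace-padding")
    return reasons


def triage(lines):
    """Return one finding per suspicious member, with its nesting depth."""
    findings = []
    for line in lines:
        parsed = parse_hit(line)
        if parsed is None:
            continue  # not in container[member] form
        container, members = parsed
        for depth, name in enumerate(members, start=1):
            reasons = classify_name(name)
            if reasons:
                findings.append({
                    "message": PureWindowsPath(container).name,
                    "member": name,
                    "depth": depth,
                    "reasons": reasons,
                })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["message"], repr(f["member"]), "depth", f["depth"], ", ".join(f["reasons"]))
```
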

  2. #32
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    I deleted the email msgs.

    Here is the link:
    http://www.virustotal.com/analisis/5...9d7-1247394400

  3. #33
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Hmmm, let's have a closer look at that file, and then see if we can find a replacement.



    Upload a File
    Download suspicious file packer from here

    Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

    C:\WINDOWS\system32\jdbgmgr.exe

    Go to spykiller

    Please start a new thread Titled File/s for Katana and give the following information
    • Name:-- Your name
    • E-mail:-- Your E-mail (this is confidential and will not be displayed)
    • Subject:-- File for Katana

    In the main text window please put the following link
    Code:
    http://forums.spybot.info/showthread.php?p=327836#post327836
    you may also add any comments you wish
    then press attach and upload the zip/cab file that was created.

    Files can be uploaded by anybody but not downloaded at all except for those users that have been given special permissions.
    You DO NOT need to be a member to upload, anybody can upload the files


    You can now delete SFP (exe and Zip) along with the .cab file that was created


    ----------------------------------------------------------------------------------------
    Download and Run SystemLook

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :dir
      c:\Program Files\Windows Antivirus Pro
      c:\windows\system32\images
      c:\Program Files\creytd
      :file
      C:\WINDOWS\system32\jdbgmgr.exe 
      :reg
      HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop /s
      :filefind
      jdbgmgr.exe 
      :comment
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  4. #34
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Hi Katana.
    Below is the log. Just an fyi, I had the real-time debugger launch a couple times this morning, which concerned me. As such I ran Spybot S&D just to check if something new had started running on the sys. It found the remnants of Windows AntiVirus Pro. The directory and two reg keys. I went ahead and let SS&D remove those items.

    SystemLook v1.0 by jpshortstuff (22.05.09)
    Log created at 07:51 on 11/08/2009 by Owner (Administrator - Elevation successful)

    ========== dir ==========

    c:\Program Files\Windows Antivirus Pro - Unable to find folder.

    c:\windows\system32\images - Parameters: "(none)"

    ---Files---
    i1.gif --a--- 1744 bytes [23:27 03/08/2009] [22:17 21/11/2008]
    i2.gif --a--- 1663 bytes [23:27 03/08/2009] [22:17 21/11/2008]
    i3.gif --a--- 1689 bytes [23:27 03/08/2009] [22:17 21/11/2008]
    j1.gif --a--- 3957 bytes [23:27 03/08/2009] [22:12 21/11/2008]
    j2.gif --a--- 47 bytes [23:27 03/08/2009] [22:12 21/11/2008]
    j3.gif --a--- 3857 bytes [23:27 03/08/2009] [23:33 27/11/2008]
    jj1.gif --a--- 114 bytes [23:27 03/08/2009] [22:14 21/11/2008]
    jj2.gif --a--- 48 bytes [23:27 03/08/2009] [22:14 21/11/2008]
    jj3.gif --a--- 105 bytes [23:27 03/08/2009] [22:40 21/11/2008]
    l1.gif --a--- 3749 bytes [23:27 03/08/2009] [21:39 21/11/2008]
    l2.gif --a--- 92 bytes [23:27 03/08/2009] [21:39 21/11/2008]
    l3.gif --a--- 468 bytes [23:27 03/08/2009] [21:40 21/11/2008]
    pix.gif --a--- 70 bytes [23:27 03/08/2009] [22:44 21/11/2008]
    t1.gif --a--- 621 bytes [23:27 03/08/2009] [21:47 21/11/2008]
    t2.gif --a--- 1015 bytes [23:27 03/08/2009] [22:17 21/11/2008]
    up1.gif --a--- 5568 bytes [23:27 03/08/2009] [21:28 21/11/2008]
    up2.gif --a--- 696 bytes [23:27 03/08/2009] [21:29 21/11/2008]
    w1.gif --a--- 3028 bytes [23:27 03/08/2009] [21:56 21/11/2008]
    w11.gif --a--- 3431 bytes [23:27 03/08/2009] [22:08 21/11/2008]
    w2.gif --a--- 47 bytes [23:27 03/08/2009] [21:56 21/11/2008]
    w3.gif --a--- 3430 bytes [23:27 03/08/2009] [23:30 27/11/2008]
    w3.jpg --a--- 1912 bytes [23:27 03/08/2009] [23:34 27/11/2008]
    wt1.gif --a--- 176 bytes [23:27 03/08/2009] [21:57 21/11/2008]
    wt2.gif --a--- 51 bytes [23:27 03/08/2009] [21:57 21/11/2008]
    wt3.gif --a--- 119 bytes [23:27 03/08/2009] [21:57 21/11/2008]

    ---Folders---
    None found.

    c:\Program Files\creytd - Parameters: "(none)"

    ---Files---
    None found.

    ---Folders---
    None found.

    ========== file ==========

    C:\WINDOWS\system32\jdbgmgr.exe - File found and opened.
    MD5: 9A717FC17EA205785094CAA96C30945C
    Created at 06:24 on 24/01/2009
    Modified at 18:29 on 02/06/1998
    Size: 14848 bytes
    Attributes: --a---
    FileDescription: Microsoft® Debugger Registrar for Java
    FileVersion: 5.00.2752
    ProductVersion: 5.00.2752
    OriginalFilename: JDBGMGR.EXE
    InternalName: JDbgMgr
    ProductName: Microsoft® Windows® Operating System
    CompanyName: Microsoft Corporation
    LegalCopyright: Copyright © Microsoft Corp. 1996-1998

    ========== reg ==========

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop]
    (No values found)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Components]
    "DeskHtmlMinorVersion"= 0x0000000005 (5)
    "DeskHtmlVersion"= 0x0000000110 (272)
    "GeneralFlags"= 0000000000 (0)
    "Settings"= 0x0000000001 (1)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Components\0]
    "CurrentState"=02 00 00 40 (REG_BINARY)
    "Flags"= 0x0000002000 (8192)
    "FriendlyName"="tets"
    "OriginalStateInfo"=18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 (REG_BINARY)
    "Position"=2c 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 de 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 (REG_BINARY)
    "RestoredStateInfo"=18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 (REG_BINARY)
    "Source"="C:\WINDOWS\system32\onhelp.htm"
    "SubscribedURL"="C:\WINDOWS\system32\onhelp.htm"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\General]
    "BackupWallpaper"=""
    "ComponentsPositioned"= 0x0000000001 (1)
    "TileWallpaper"="0"
    "Wallpaper"=""
    "WallpaperFileTime"=00 00 00 00 00 00 00 00 (REG_BINARY)
    "WallpaperLocalFileTime"=00 f8 29 17 d6 ff ff ff (REG_BINARY)
    "WallpaperStyle"="2"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Old WorkAreas]
    "NoOfOldWorkAreas"= 0x0000000001 (1)
    "OldWorkAreaRects"=00 00 00 00 00 00 00 00 00 05 00 00 de 02 00 00 (REG_BINARY)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\SafeMode]
    (No values found)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\SafeMode\Components]
    "DeskHtmlVersion"= 0000000000 (0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\SafeMode\General]
    "VisitGallery"= 0000000000 (0)
    "Wallpaper"="%SystemRoot%\Web\SafeMode.htt"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Scheme]
    "Display"=""
    "Edit"=""


    ========== filefind ==========

    Searching for "jdbgmgr.exe "
    No files found.

    -=End Of File=-

  5. #35
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    ========== file ==========

    C:\WINDOWS\system32\jdbgmgr.exe - File found and opened.
    ========== filefind ==========

    Searching for "jdbgmgr.exe "
    No files found.
    Now that doesn't make any sense ?

    How can it not find the file if it has already opened it once ?????

    Let me have a think, I'll be back shortly

  6. #36
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    ----------------------------------------------------------------------------------------
    Step 1


    OTMoveIt
    Please download OTM by OldTimer and save it to your desktop
    • Double-click OTM.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Processes )

    Code:
    :Processes
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Components]
    :Files
    C:\WINDOWS\system32\onhelp.htm
    c:\windows\system32\images
    c:\Program Files\creytd
    :Commands
    [Purity]
    [EmptyTemp]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTM


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


    ----------------------------------------------------------------------------------------
    Step 2


    Download and Run Registry Search
    Download (LINK >>>) Registry Search (<<< LINK) to your desktop.
    • Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
    • Open the new folder, and double click on regsearch.exe
    • In the top window copy/paste the following line
      • jdbgmgr
    • Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
    • Please save the text file at your desktop and call it found-entries.

    Paste the results in your reply

    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large, You may need to split them over a couple of replies.
    • OTMoveIt Log
    • RegSearch Log
    • A fresh HJT log (C:\Program Files\trend micro\Owner.exe)

  7. #37
    Junior Member
    Join Date
    Aug 2009
    Posts
    28

    Logs as requested:

    All processes killed
    ========== PROCESSES ==========
    ========== REGISTRY ==========
    Registry key HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\Components\ deleted successfully.
    ========== FILES ==========
    C:\WINDOWS\system32\onhelp.htm moved successfully.
    c:\windows\system32\images moved successfully.
    c:\Program Files\creytd moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 98438 bytes
    ->Java cache emptied: 13681514 bytes
    ->FireFox cache emptied: 36879139 bytes
    ->Google Chrome cache emptied: 5928795 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 5310 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 54.00 mb


    OTM by OldTimer - Version 3.0.0.6 log created on 08112009_083623

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.6.0

    ; Results at 8/11/2009 8:43:33 AM for strings:
    ; 'jdbgmgr
    * jdbgmgr
    jdbgmgr'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS


    ; End Of The Log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:46:28 AM, on 8/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\pmta\gmsmux\wrapper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\pmta\jre\bin\java.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\Program Files\trend micro\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase1140.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1229973284213
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Visual Studio Analyzer RPC bridge - Unknown owner - C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe (file missing)

    --
    End of file

  8. #38
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    After a bit more research, you don't actually need the jdbgmgr.exe file unless you develop Java programs.



    OTMoveIt

    • Double-click OTM.exe to run it.
    • Copy the lines in the codebox below. ( Make sure you include :Processes )

    Code:
    :Processes
    :Files
    C:\WINDOWS\system32\jdbgmgr.exe
    :Commands
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.

    • - Close ALL open windows (especially Internet Explorer!)-
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.
    • Close OTM


    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    How are things running now, any problems still ?

  9. #39
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
    Last edited by tashi; 2009-08-25 at 00:07. Reason: Thank you katana
