Jump to content


Photo
- - - - -

problems with real player and media player


  • This topic is locked This topic is locked
66 replies to this topic

#41 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 12 December 2008 - 03:54 PM

Well that's strange, I've heard of older BitDefender versions causing problems
You don't have it installed, but you have the Online scanner installed
In IE7
Click on TOOLS>> click Uninstall BitDefender Online Scanner v8.

Reboot and see if it helps

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#42 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 12 December 2008 - 03:58 PM

Well that's strange, I've heard of older BitDefender versions causing problems
You don't have it installed, but you have the Online scanner installed
In IE7
Click on TOOLS>> click Uninstall BitDefender Online Scanner v8.

Reboot and see if it helps


Where I am clinking on TOOLS? IN IE?

#43 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 12 December 2008 - 04:02 PM

Right click on an empty spot on the Top Toolbar and select Menubar

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#44 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 12 December 2008 - 04:05 PM

Where I am clinking on TOOLS? IN IE?



I found it under IE>tools>manage add ons
It's marked disabled How do I get rid of it?

#45 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 12 December 2008 - 04:12 PM

Ok I clicked on the toolbar selected menubar. I don't see anything related to BitDefender

#46 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 12 December 2008 - 07:16 PM

Can you try the following
I had to step out, so I ran an online virus Scan with BitDefender while I was away

Can you temporarily disable AVG realtime protection
Double click it's icon by the clock and open it's realtime protection Module
And uncheck it's option and save the change
This is so it won't interfere

Then, using IE
Go to the following link
http://www.bitdefend...m/scan8/ie.html
Click the I agree button, allow activex control to install if prompted and run a scan
When the scan is done
Choose to save a report
Save the report to your desktop>>Giving it a name, such as Virusscan
It may be in HTML format

That's ok, reboot
Back in Windows, open IE7
Click on TOOLS>>Uninstall BitDefender Online scanner
Ensure you close IE at the prompt then OK it to uninstall the scanner
Reboot one more time

Back in Windows
Can you post a fresh hijackthis log please
Also post the log from BitDefender
You can open the HTML and choose EDIT>>Select ALL>>Edit>>Copy

I have to step out again, but the scan may take up to an hour, I should be back shortly after that

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#47 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 12 December 2008 - 10:07 PM

Ok, performed the tasks you asked. One thing though. When go to IE Tools>Manage addons>Enable or Disable I see under Disabled "Uninstall bitdefender online scanner V8" but it doesn't allow me to do anything with it.

Here's the logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:06 PM, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Frank Wishinsky\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.birdchann...lk/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" -"http://www.noggin.co...&sem=SEO_SSP_Y"
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Frank Wishinsky"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MSOffice\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MSOffice\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.micr...veX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....wareScanner.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1135110221890
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.w...ler/install.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Closet Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecu...asyInstallX.CAB
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/...tall/AxCtp2.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 10916 bytes

BitDefender Online Scanner



Scan report generated at: Fri, Dec 12, 2008 - 22:05:16





Scan path: A:\;C:\;D:\;E:\;







Statistics

Time
01:28:56

Files
367169

Folders
12495

Boot Sectors
0

Archives
9367

Packed Files
31554




Results

Identified Viruses
3

Infected Files
31

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
31




Engines Info

Virus Definitions
2194142

Engine build
AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)

Scan plugins
15

Archive plugins
42

Unpack plugins
7

E-mail plugins
6

System plugins
0




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Chipmunks\Eric Clapton Bb King - Lay Down Sally.wma
Infected with: Trojan.Downloader.GetCodec.C

C:\Chipmunks\Eric Clapton Bb King - Lay Down Sally.wma
Disinfection failed

C:\Chipmunks\Eric Clapton Bb King - Lay Down Sally.wma
Deleted

C:\Documents and Settings\Frank Wishinsky\My Documents\My Downloads\peanuts10.exe=>(Instyler o)=>(Instyler Module 1)
Infected with: Trojan.Generic.219244

C:\Documents and Settings\Frank Wishinsky\My Documents\My Downloads\peanuts10.exe=>(Instyler o)=>(Instyler Module 1)
Disinfection failed

C:\Documents and Settings\Frank Wishinsky\My Documents\My Downloads\peanuts10.exe=>(Instyler o)=>(Instyler Module 1)
Deleted

C:\Documents and Settings\Frank Wishinsky\My Documents\My Downloads\peanuts10.exe=>(Instyler o)
Update failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115256.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115256.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115256.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115301.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115301.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115301.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115617.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115617.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-115617.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-122824.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-122824.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-122824.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-122848.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-122848.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-122848.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-125949.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-125949.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-125949.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-125955.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-125955.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-125955.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-131142.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-131142.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-131142.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-131609.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-131609.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-131609.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-134339.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-134339.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-134339.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-135806.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-135806.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-135806.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-135810.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-135810.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-135810.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-143325.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-143325.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-143325.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-152802.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-152802.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-152802.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-153806.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-153806.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-153806.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-165457.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-165457.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-165457.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-173443.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-173443.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-173443.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175010.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175010.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175010.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175842.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175842.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175842.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175843.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175843.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-175843.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-182428.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-182428.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-182428.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-183009.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-183009.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-183009.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-184111.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-184111.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-184111.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050328-184117.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050328-184117.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050328-184117.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170106.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170106.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170106.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170332.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170332.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170332.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170945.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170945.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050329-170945.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.20050329-171002.backup
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.20050329-171002.backup
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.20050329-171002.backup
Deleted

C:\WINDOWS\system32\drivers\etc\hosts.bak
Infected with: Trojan.QHost.CU

C:\WINDOWS\system32\drivers\etc\hosts.bak
Disinfection failed

C:\WINDOWS\system32\drivers\etc\hosts.bak
Deleted

#48 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 01:00 AM

Do a "System scan only" with Hijackthis and put a check next to these entries:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Any luck with WMP?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#49 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 13 December 2008 - 04:45 AM

Do a "System scan only" with Hijackthis and put a check next to these entries:

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Any luck with WMP?


Sorry I took so long to get back. I did everything above, but WMP locked up on the first video.

#50 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 11:24 AM

Can you right click on the file your trying to play
Select Properties
What's the exact extension of the file
as eg...
.mpg or .avi

My computer recently has started freezing when we try to view videos

Since it just starting happening, can you think of any program you installed just before you noticed the freezing?
Anything at all, even AntiVirus software

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#51 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 13 December 2008 - 12:13 PM

[quote name='guestolo' date='Dec 13 2008, 12:24 PM' post='450220']
Can you right click on the file your trying to play
Select Properties
What's the exact extension of the file
as eg...
.mpg or .avi


Since it just starting happening, can you think of any program you installed just before you noticed the freezing?
Anything at all, even AntiVirus software

/quote]


The two files I have been trying to play are wmv and mpeg.

As far as any new software. The only thing we have installed lately is quicken 2008. I am pretty sure the problem didn't start immediately after that. A fair amount of time had passed before it started.

#52 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 13 December 2008 - 12:29 PM

Ok, out of curiosity I went back and ran the windows media test. It didn't work when you asked me to do it before (both Firefox and IE). Well, it works now in both. I then went and tried the two videos I have been using and it locked up.

#53 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 01:04 PM

Can you go back into the Performance tab in Windows Media Player

Move the Video Acceleration to None and apply it, see if you can play those files
If not, move it back to Full

Do you have any other wmv or mpeg you can try?

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#54 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 13 December 2008 - 01:31 PM

Ok, I moved it to none. All three videos froze the computer immediately, within a split second. I then reset the computer and moved it back to full. All three played without problems. I even stopped and started it indifferent spots. All with no problems. I am going to check a website with a video to try. Any you can recommend?

#55 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 01:43 PM

You won't be able to play .avi or mpeg2 possibly without proper codecs
I thought your codecs got corrupt and was going to have you try another player

But your problems may be straightened out
You can test .mpeg at the following
http://www-eng-x.lln...tests/mpeg.html
2 top links, one is Only video
The bigger is audio/video
You can either open them, or save them to disk

You can test .wmv at the following link
http://home.att.net/...68/wmvtest.html
Click on Transformer Video>>I think it's a bit of a weird video, Not Adult content, it's General viewing

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#56 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 02:06 PM

Oh, and can I double check your Hosts file please
Open Hijackthis>>Open the "Misc Tools Section"
Click to Open the "Hosts file Manager"
Click to Open in Notepad

The copy/paste back here the whole contents please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#57 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 13 December 2008 - 02:23 PM

Oh well, I thought it was fixed. Until I tried your suggested links. With the first link the video only locked up right off the bat. The audio/video worked. The wmv worked with no problems. Here's the host

127.0.0.1 localhost
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear-search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr-sch.com
127.0.0.1 sds-qckads.com
127.0.0.1 status.qckads.com


Would it help to uninstall Real player and WMP and install different player to see what happens?

#58 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 02:37 PM

It looks like your Host file was changed a bit from an earlier infection that appears to be gone now
Download HostsXpert Here and unzip it to your desktop.
Next, open HostsXpert
  • Make sure that the "make hosts writable?" button in the upper left corner is checked>>Should read 'Make Readonly'
  • then click on 'Restore MS host files'>>OK
  • Close HostsXpert.
You can delete HostXpert after that

Are you having troubles running any other video files on your computer?
Why not wait a bit, I'll leave this topic open
If you do have troubles within a week, post back, if not, I'll close it after a week as it appears resolved
Take note: we can reopen it at any time if you PM me, or simply start a new topic
But as I said, I'll keep it open for a weeks time

I do have another video player you can try if you want to try it?
No need to uninstall Window Media Player however

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#59 big frank

big frank

    Member

  • Members
  • PipPipPip
  • 52 posts

Posted 13 December 2008 - 04:03 PM

No sooner do I think it's ok. It locks up. HostsXpert like you asked. Then I tried running the video only on that link and it locked up.
I'd made sure it "make read only" was selected. After it locked u, I ran Hijack in the Host file manager Here's the notepad from that

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a "#" symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
#
127.0.0.1 localhost

Is this ok? How about I try a new player? Can you recommend a good one that's free? At least I could check with it.

#60 guestolo

guestolo

    Site Donator

  • Admin
  • PipPipPipPipPipPipPip
  • 16,247 posts

Posted 13 December 2008 - 04:06 PM

Just on our way out to get an Xmas tree, I'll be back in less than a couple hours
Check back then please

If it's only that one small video, it's very short
Maybe your starting it and it ends right away

As said, check your other video files, see if you can get them to lock up, if not, you could be good

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here