Welcome to MalwareRemoval.com
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

HJT Log

Post by noc » March 21st, 2008, 9:30 pm

AVG has encountered 7 threats that it was unable to remove - can anybody help?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:16:10, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\csrss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\Program Files\Spyware Doctor\pctsAuxs.exe
F:\Program Files\Spyware Doctor\pctsSvc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\alg.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\WINDOWS\system32\DeltaIITray.exe
F:\PROGRA~1\Grisoft\AVG7\avgcc.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Spyware Doctor\pctsTray.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] F:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] F:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISTray] "F:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4151670171
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - F:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - F:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: iPod Service - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5511 bytes
noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm
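A HijackThis log like the one above is a fixed-format report: every substantive line begins with a section code (R1, O2, O4, O23, ...) followed by section-specific fields, and the real work of reading one is turning those fields into "what loads, from where, under which account". The Python script below is an added example, not part of the original post and not code from HijackThis or Trend Micro. It parses a constructed sample made of lines copied from the log above into structured records and then runs one triage check of this example's own design: listing Run-key entries whose program is given as a bare file name, which Windows resolves through its search path at logon, so the reviewer knows which binary to confirm first. The `.exe`-cut heuristic in `image_from_command` is also this example's assumption, not a rule of the format.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted
# above. Raw string, so the backslashes are literal.
SAMPLE_HJT = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] F:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe
""".strip("\n")


@dataclass
class Entry:
    section: str                  # HijackThis section code: R1, O2, O4, O23, ...
    name: str                     # BHO name, Run value name or service display name
    image: Optional[str] = None   # program or DLL the entry loads, when the line carries one
    details: Dict[str, str] = field(default_factory=dict)
    raw: str = ""


SECTION_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
                   r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
O23_RE = re.compile(r"^Service: (?P<display>.*?)(?: \((?P<short>[^)]*)\))? - "
                    r"(?P<company>.*?) - (?P<path>.*)$")


def image_from_command(cmd: str) -> str:
    """Pull the program out of a Run-key command line. A quoted path is taken
    verbatim; otherwise cut at the first '.exe', which copes with unquoted
    paths that contain spaces (common in these logs). This is a heuristic of
    this example, not a parser of the Windows command-line rules."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.exe", cmd, re.IGNORECASE)
    return cmd[:m.end()] if m else cmd.split(" ", 1)[0]


def parse_hjt(text: str) -> List[Entry]:
    """Turn the section lines of a HijackThis log into Entry records. Lines
    that are not section lines (process list, headers, the byte count) are
    skipped; sections without a dedicated pattern keep the whole body as name."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        e = Entry(section=sec, name=body, raw=line)
        o2, o4, o23 = O2_RE.match(body), O4_RE.match(body), O23_RE.match(body)
        if sec == "O2" and o2:
            e.name, e.image = o2["name"], o2["path"]
            e.details["clsid"] = o2["clsid"]
        elif sec == "O4" and o4:
            e.name, e.image = o4["name"], image_from_command(o4["cmd"])
            e.details.update(hive=o4["hive"], key=o4["key"],
                             command=o4["cmd"], user=o4["user"] or "")
        elif sec == "O23" and o23:
            e.name, e.image = o23["display"], o23["path"]
            e.details.update(short=o23["short"] or "", company=o23["company"])
        entries.append(e)
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per section; a quick view of how much of a log needs reading."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def bare_image_autostarts(entries: List[Entry]) -> List[str]:
    """Run-key entries whose program is a bare file name with no drive or
    directory, so Windows finds it by search path at logon. Not a verdict;
    just the entries whose resolved binary a reviewer would confirm first."""
    return [e.name for e in entries
            if e.section == "O4" and e.image and "\\" not in e.image]


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_HJT)
    print("entries per section:", summarize(parsed))
    for e in parsed:
        print(f"{e.section:<4} {e.name!r:<28} -> {e.image}")
    print("autostarts with a bare program name:", bare_image_autostarts(parsed))
```

Run it against a full log by reading the file instead of `SAMPLE_HJT`; the O9, O16 and R1 lines come through with the whole body as `name`, which is enough for counting and eyeballing, and a dedicated pattern can be added per section as needed.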

Re: HJT Log

Post by sjpritch25 » March 23rd, 2008, 7:51 pm

Welcome to MR !!!!!

Can you tell me where AVG found those files??
sjpritch25
Regular Member
Posts: 324
Joined: June 30th, 2007, 6:16 pm
Location: West Coast of Florida

Re: HJT Log

Post by noc » March 24th, 2008, 11:49 am

Hi,

AVG found them at the following places:

I:\Ableton Live6 (Mac) updated-fixed Release 05-2007.zip\Setup.exe
I:\Ableton Live6 (Mac) updated-fixed Release 05-2007.zip
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip\Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS\KeyGen.exe
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS\KeyGen.exe
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip
I:\DL\Waves 5.2 + L3 + iLOK Reset MacOSX(1).rar\setup.exe
I:\DL\Waves 5.2 + L3 + iLOK Reset MacOSX(1).rar\setup.exe
I:\DL\Waves 5.2 + L3 + iLOK Reset MacOSX(1).rar
I:\DL\Waves 5.2 - L3 - PACE 5.3 - iLok Reset_MacOSX updated-fixed 01-2007.rar\setup.exe
I:\DL\Waves 5.2 - L3 - PACE 5.3 - iLok Reset_MacOSX updated-fixed 01-2007.rar
I:\DL/Waves.Mercury.Bundle-fixed 07-2007.rar:\setup.exe
I:\DL/Waves.Mercury.Bundle-fixed 07-2007.rar

These seem to be linked to programs I no longer have on my computer.

Thanks for your help.
noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm

Re: HJT Log

Post by sjpritch25 » March 24th, 2008, 12:51 pm

Lets run an Online scan to see if there is anything else lurking.

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept".
2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. When the download is complete it will say ready, click "Next".
5. Click "Scan Settings" and check the option to use the Extended Database (if available, otherwise Standard).
6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
7. Click "OK".
8. Under "Select a target to scan", click on "My Computer".
9. When the scan is complete choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'
sjpritch25
Regular Member
Posts: 324
Joined: June 30th, 2007, 6:16 pm
Location: West Coast of Florida

Re: HJT Log

Post by noc » March 24th, 2008, 7:36 pm

Here you go... hope this helps!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 24, 2008 11:32:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/03/2008
Kaspersky Anti-Virus database records: 659498
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 75213
Number of viruses found: 6
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 01:01:39

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\cert8.db Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\formhistory.dat Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\history.dat Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\key3.db Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\parent.lock Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\search.sqlite Object is locked skipped
F:\Documents and Settings\me\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\urlclassifier2.sqlite Object is locked skipped
F:\Documents and Settings\me\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\me\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\Cache\_CACHE_001_ Object is locked skipped
F:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\Cache\_CACHE_002_ Object is locked skipped
F:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\Cache\_CACHE_003_ Object is locked skipped
F:\Documents and Settings\me\Local Settings\Application Data\Mozilla\Firefox\Profiles\6mn58im2.default\Cache\_CACHE_MAP_ Object is locked skipped
F:\Documents and Settings\me\Local Settings\History\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\me\Local Settings\History\History.IE5\MSHist012008032420080325\index.dat Object is locked skipped
F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\9VWXTGSH\SelectRebatesSetup_pa1004[1].exe Infected: not-a-virus:AdWare.Win32.Sahat.bp skipped
F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\me\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\me\NTUSER.DAT.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{C17D435B-D8D6-489C-965D-2942D0773B40}\RP29\A0005425.dll Infected: not-a-virus:Downloader.Win32.AdLoad.a skipped
F:\System Volume Information\_restore{C17D435B-D8D6-489C-965D-2942D0773B40}\RP30\change.log Object is locked skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
F:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
F:\WINDOWS\Internet Logs\HAROLD.ldb Object is locked skipped
F:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
F:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\EventCache\{F4CDB7E2-8A2F-4330-84AB-C96A72E9C3E6}.bin Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
F:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\system32\mysidesearch_sidebar.dll Infected: not-a-virus:AdWare.Win32.Agent.aoa skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\Temp\Perflib_Perfdata_b4.dat Object is locked skipped
F:\WINDOWS\Temp\ZLT00ac1.TMP Object is locked skipped
F:\WINDOWS\Temp\ZLT020b1.TMP Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\DL\Ableton Live6 (Mac) Fixed updated-fixed Release 05-2007.zip/Setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped
I:\DL\Ableton Live6 (Mac) Fixed updated-fixed Release 05-2007.zip ZIP: infected - 1 skipped
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS.zip/Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS/KeyGen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS.zip ZIP: infected - 1 skipped
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS.zip/Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS/KeyGen.exe Infected: Trojan-Dropper.Win32.Delf.xo skipped
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS.zip ZIP: infected - 1 skipped
I:\DL\Waves 5.2 + L3 + iLok Reset MacOSX(1).rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
I:\DL\Waves 5.2 + L3 + iLok Reset MacOSX(1).rar RAR: infected - 1 skipped
I:\DL\Waves 5.2 - L3 - PACE 5.3 - iLok Reset_MacOSX updated-fixed 01-2007.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
I:\DL\Waves 5.2 - L3 - PACE 5.3 - iLok Reset_MacOSX updated-fixed 01-2007.rar RAR: infected - 1 skipped
I:\DL\Waves.Mercury.Bundle-fixed 07-2007.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
I:\DL\Waves.Mercury.Bundle-fixed 07-2007.rar RAR: infected - 1 skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.
noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm

Re: HJT Log

Post by sjpritch25 » March 24th, 2008, 7:53 pm

Note: You may need to unhide hidden files and folders.
Configure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


Please DELETE the following folder(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Folders:
F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5 <-- this folder

Please DELETE the following file(s) IF STILL PRESENT. You can use Windows Explorer to navigate or use Windows Search feature to locate them.

Files:
F:\WINDOWS\system32\mysidesearch_sidebar.dll <-- this file
I:\DL\Ableton Live6 (Mac) Fixed updated-fixed Release 05-2007.zip <-- this file
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.1.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS.zip <-- this file
I:\DL\Waves 5.2 + L3 + iLok Reset MacOSX(1).rar <-- this file
I:\DL\Waves 5.2 - L3 - PACE 5.3 - iLok Reset_MacOSX updated-fixed 01-2007.rar <-- this file
I:\DL\Waves.Mercury.Bundle-fixed 07-2007.rar <-- this file



How is everything running???
sjpritch25
Regular Member
Posts: 324
Joined: June 30th, 2007, 6:16 pm
Location: West Coast of Florida
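The Kaspersky report noc posted and the delete list sjpritch25 derived from it follow a mechanical pattern: each report line is an object path, then a status (locked, "Infected:" with a detection name, or an archive summary such as "ZIP: infected - 1"), then the last action, and a member of an archive is written as `<archive>/<member>`. The Python script below is an added example, not code from the thread, from MalwareRemoval.com or from Kaspersky. It parses a constructed subset of the report above and sorts the hits into the buckets the helper worked through: files on disk to delete (for an archive member, the archive itself), copies inside System Volume Information (which removal tools cannot reach and which the new-restore-point step later in the thread retires), and locked objects the scanner could not inspect at all. The bucket names and the System Volume Information rule are this example's own assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: eight lines taken from the Kaspersky Online Scanner
# report posted above. Raw string, so the backslashes are literal.
SAMPLE_REPORT = r"""
F:\Documents and Settings\me\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5\9VWXTGSH\SelectRebatesSetup_pa1004[1].exe Infected: not-a-virus:AdWare.Win32.Sahat.bp skipped
F:\System Volume Information\_restore{C17D435B-D8D6-489C-965D-2942D0773B40}\RP29\A0005425.dll Infected: not-a-virus:Downloader.Win32.AdLoad.a skipped
F:\WINDOWS\system32\mysidesearch_sidebar.dll Infected: not-a-virus:AdWare.Win32.Agent.aoa skipped
I:\DL\Ableton Live6 (Mac) Fixed updated-fixed Release 05-2007.zip/Setup.exe Infected: P2P-Worm.Win32.Kapucen.ac skipped
I:\DL\Ableton Live6 (Mac) Fixed updated-fixed Release 05-2007.zip ZIP: infected - 1 skipped
I:\DL\Waves.Mercury.Bundle-fixed 07-2007.rar/setup.exe Infected: P2P-Worm.Win32.Kapucen.b skipped
I:\DL\Waves.Mercury.Bundle-fixed 07-2007.rar RAR: infected - 1 skipped
""".strip("\n")


class Hit(NamedTuple):
    path: str                # object as the scanner names it; '/' separates archive members
    status: str              # "locked", "infected" or "archive"
    verdict: Optional[str]   # detection name (infected) or archive summary (archive)
    action: str              # last-action column; "skipped" throughout for the online scanner


LOCKED_RE = re.compile(r"^(?P<path>.*) Object is locked (?P<action>\w+)$")
INFECTED_RE = re.compile(r"^(?P<path>.*) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
ARCHIVE_RE = re.compile(r"^(?P<path>.*) (?P<kind>[A-Z0-9]+): infected - (?P<n>\d+) (?P<action>\w+)$")


def parse_report(text: str) -> List[Hit]:
    """Parse the 'Infected Object Name / Virus Name / Last Action' block.
    Header, statistics and blank lines match none of the patterns and are skipped."""
    hits: List[Hit] = []
    for line in text.splitlines():
        line = line.strip()
        m = LOCKED_RE.match(line)
        if m:
            hits.append(Hit(m["path"], "locked", None, m["action"]))
            continue
        m = INFECTED_RE.match(line)
        if m:
            hits.append(Hit(m["path"], "infected", m["verdict"], m["action"]))
            continue
        m = ARCHIVE_RE.match(line)
        if m:
            hits.append(Hit(m["path"], "archive", f"{m['kind']}: infected - {m['n']}", m["action"]))
    return hits


def on_disk_path(obj: str) -> str:
    """The scanner writes a member of an archive as '<archive>/<member>'.
    What exists on disk, and what a helper asks the user to remove, is the archive."""
    return obj.split("/", 1)[0]


def triage(hits: List[Hit]) -> Dict[str, List[str]]:
    """Sort hits into the buckets the helper in this thread worked through
    (bucket names are this example's own):
      delete  - files on disk the user can remove: archives, loose DLLs and EXEs
      restore - copies inside System Volume Information; removal tools cannot
                reach them, a fresh restore point plus Cleanmgr retires them
      locked  - objects the scanner could not open, so no verdict either way
    Archive summary lines are folded into the member hit that precedes them."""
    out: Dict[str, List[str]] = defaultdict(list)
    for h in hits:
        if h.status == "locked":
            out["locked"].append(h.path)
            continue
        if h.status == "archive":
            continue
        disk = on_disk_path(h.path)
        bucket = "restore" if "\\System Volume Information\\" in disk else "delete"
        if disk not in out[bucket]:
            out[bucket].append(disk)
    return dict(out)


def verdicts_by_file(hits: List[Hit]) -> Dict[str, List[str]]:
    """Detection names grouped by on-disk file, for telling the user what was found where."""
    grouped: Dict[str, List[str]] = defaultdict(list)
    for h in hits:
        if h.status == "infected" and h.verdict:
            grouped[on_disk_path(h.path)].append(h.verdict)
    return dict(grouped)


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for bucket, paths in triage(found).items():
        print(f"[{bucket}]")
        for p in paths:
            print("   ", p, verdicts_by_file(found).get(p, []))
```

Feed it the saved kaspersky.txt instead of `SAMPLE_REPORT` and the `delete` bucket reproduces the file list in the reply above, with the Temporary Internet Files hit pointing at the cached installer that the Content.IE5 folder deletion covers.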

Re: HJT Log

Post by noc » March 26th, 2008, 6:46 pm

Right, I have deleted (or attempted to delete) all the files you listed. The only thing I couldn't locate was the folder:

F:\Documents and Settings\me\Local Settings\Temporary Internet Files\Content.IE5

Everything seems to be working ok. I have run AVG again, but it is still telling me it has located 1 threat which it can't remove:

I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMiCS\KeyGen.exe
I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip

I can't locate the above files!
noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm

Re: HJT Log

Post by sjpritch25 » March 26th, 2008, 9:20 pm

Please download the OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip

  • Return to OTMoveIt2, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Did you unhide hidden files and folders???
sjpritch25
Regular Member
Posts: 324
Joined: June 30th, 2007, 6:16 pm
Location: West Coast of Florida

Re: HJT Log

Post by noc » March 27th, 2008, 6:15 pm

Yes, I did unhide hidden folders/files, using the directions you listed.

The log is as follows:

I:\DL\Rob.Papen.ConcreteFX.Blue.v1.6.3.VSTi.RTAS.AU.MAC.OSX.UB.Incl.KeyGen-DYNAMICS.zip moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03272008_205723

Can I now simply delete this file?
noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm

Re: HJT Log

Post by sjpritch25 » March 30th, 2008, 1:09 pm

According to the log, it was moved by OTMoveIt. How is everything running???
sjpritch25
Regular Member
Posts: 324
Joined: June 30th, 2007, 6:16 pm
Location: West Coast of Florida

Re: HJT Log

Post by noc » March 30th, 2008, 4:39 pm

I ran AVG and it was still identifying & failing to remove that one entry, so I deleted the file in OTMoveit, ran AVG again & it came up clean.

Everything is now running smoothly!!

Thanks loads for all your help!

noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm

Re: HJT Log

Post by sjpritch25 » March 30th, 2008, 7:34 pm

You're welcome!!!!


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:


  • Download the latest version of Java Runtime Environment (JRE) 6u5.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.


Now that your system is clean you should SET A NEW RESTORE POINT to prevent future reinfection from the old restore point AFTER cleaning your system of any malware infection. Any trojans or spyware you picked up could have been saved in System Restore and are waiting to re-infect you. Since System Restore is a protected directory, your tools can not access it to delete files, trapping viruses inside. Setting a new restore point should be done to prevent any future reinfection from the old restore point and enable your computer to "roll-back" in case there is a future problem.

To SET A NEW RESTORE POINT:
1. Go to Start > Programs > Accessories > System Tools and click "System Restore".
2. Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
3. Then go to Start > Run and type: Cleanmgr
4. Click "OK".
5. Click the "More Options" Tab.
6. Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.

Graphics for doing this are in the following links if you need them.
How to Create a Restore Point.
How to use Cleanmgr.

======================================

Here is some useful information on keeping your computer clean:
  1. The most important thing is to make sure Windows is kept up to date with the latest patches and updates from Windows Update.
  2. Here are two great Preventive programs:
    1. SpywareBlaster protects you from malicious ActiveX controls and cookies. Make sure and check for updates twice a month.
    2. IESpyads adds a long list of bad sites to your Restricted sites in Internet Explorer and protects against drive by downloads.
  3. Surf Safe with McAfee's SiteAdvisor. SiteAdvisor will work with Internet Explorer and Mozilla Firefox. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine. SiteAdvisor uses the following color codes to indicate the safety level of each site.
    1. Red for Warning
    2. Yellow for Use Caution
    3. Green for Safe
    4. Grey for Unknown

    Here are the links to install SiteAdvisor in Internet Explorer and Firefox.
  4. Anti-Spyware Programs I Recommend:
    • Free Anti-Spyware Programs
    1. Lavasoft's Ad-Aware SE Personal
    2. Windows Defender
  5. For Even More Information On Securing Your Computer read Tony Klein's So How Did I Get Infected In The First Place
sjpritch25
Regular Member
Posts: 324
Joined: June 30th, 2007, 6:16 pm
Location: West Coast of Florida

Re: HJT Log

Post by noc » March 31st, 2008, 5:07 pm

Done & done!

All running well, thanks again for all your help! Really appreciated! :D
noc
Active Member
Posts: 7
Joined: March 21st, 2008, 9:23 pm

Re: HJT Log

Post by NonSuch » April 8th, 2008, 12:01 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 27304
Joined: February 23rd, 2005, 7:08 am
Location: California
